[rt-users] $WebExternalAuth

patrick.narkinsky at verizon.com patrick.narkinsky at verizon.com
Wed Jan 23 10:51:26 EST 2008


Greetings.

I am attempting to get RT to work with the CA SiteMinder Single Sign-On 
package.  I have siteminder up and running and it is setting the 
REMOTE_USER variable, however when I attempt to use rt (http://myhost/rt) 
it continues to require a login.  My understanding is that, since I've 
told it to use webserver login, it should skip the rt login.  Can anybody 
offer any suggestions as to why it continues to require a login?

Thanks!

Here's a list of all the environmental variables being set by the web 
server (appropriately expurgated):

Environment
DOCUMENT_ROOT
/export/html
GATEWAY_INTERFACE
CGI/1.1
HTTPS
on
HTTP_ACCEPT
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
HTTP_ACCEPT_CHARSET
ISO-8859-1,utf-8;q=0.7,*;q=0.7
HTTP_ACCEPT_ENCODING
gzip,deflate
HTTP_ACCEPT_LANGUAGE
en-us,en;q=0.5
HTTP_CONNECTION
keep-alive
HTTP_COOKIE
SMSESSION=foo;
RT_SID_foo.bar.com.443=e045e95272ae23da68e02d1132feed89
HTTP_HOST
foo.bar.com
HTTP_KEEP_ALIVE
300
HTTP_SM_AUTHDIRNAME
XXXX
HTTP_SM_AUTHDIRNAMESPACE
XXXX:
HTTP_SM_AUTHDIROID
XXXX
HTTP_SM_AUTHDIRSERVER
XXXX
HTTP_SM_AUTHENTIC
YES
HTTP_SM_AUTHORIZED
YES
HTTP_SM_AUTHREASON
0
HTTP_SM_AUTHTYPE
Form
HTTP_SM_REALM
foo root
HTTP_SM_REALMOID
XXXXX
HTTP_SM_SDOMAIN
.bar.com
HTTP_SM_SERVERIDENTITYSPEC

HTTP_SM_SERVERSESSIONID
foobar
HTTP_SM_SERVERSESSIONSPEC
foobar
HTTP_SM_SESSIONDRIFT
-1
HTTP_SM_TIMETOEXPIRE
7193
HTTP_SM_TRANSACTIONID
foobar
HTTP_SM_USER
jpnarkinsky
HTTP_SM_USERDN
corpid=002006779, ou=vzcore,o=corp
HTTP_USER_AGENT
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) 
Gecko/20071127 Firefox/2.0.0.11
PATH
/bin:/usr/bin
QUERY_STRING

REMOTE_ADDR
111.222.333.444
REMOTE_PORT
4380
REMOTE_USER
jpnarkinsky
REQUEST_METHOD
GET
REQUEST_URI
/ar/test.pl
SCRIPT_FILENAME
/export/html/ar/test.pl
SCRIPT_NAME
/ar/test.pl
SERVER_ADDR
111.222.333.444
SERVER_ADMIN
webmaster at localhost
SERVER_NAME
foo.bar.com
SERVER_PORT
443
SERVER_PROTOCOL
HTTP/1.1
SERVER_SIGNATURE
Apache/1.3.34 Server at foo.bar.com Port 443
SERVER_SOFTWARE
Apache/1.3.34 (Ubuntu) mod_ssl/2.8.25 OpenSSL/0.9.8a mod_perl/1.29

My RT_SiteConfig.pm:

# RT_SiteConfig.pm
#
# These are the bits you absolutely *must* edit.
#
# To find out how, please read
#   /usr/share/doc/request-tracker3.4/INSTALL.Debian

# THE BASICS:

Set($rtname, 'foo.bar.com');
Set($Organization, 'foo.bar.com');

Set($CorrespondAddress , 'foo-rt at bar.com');
Set($CommentAddress , 'foo-rt-comment at my.domain.com');

Set($Timezone , 'Europe/London'); # obviously choose what suits you

# THE DATABASE:

Set($DatabaseType, 'mysql'); # e.g. Pg or mysql

# These are the settings we used above when creating the RT database,
# you MUST set these to what you chose in the section above.

Set($DatabaseUser , 'foo');
Set($DatabasePassword , 'foobar');
Set($DatabaseName , 'bar');

# THE WEBSERVER:

Set($WebPath , "/rt");
Set($WebBaseURL , "http://foo.bar.com");

# Cause RT to use external authorization (i.e. siteminder)
Set($WebExternalAuth , 1);

Set($WebFallbackToInternalAuth , undef);

Set($WebExternalAuto , 1);
1;

Patrick Narkinsky
Sr. Solaris Systems Administrator
Verizon
540.597.8483
patrick.narkinsky at verizon.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20080123/eac64c40/attachment.htm>


More information about the rt-users mailing list