[rt-users] Option to Emulate another RT user from SuperUser

Matt Zagrabelny mzagrabe at d.umn.edu
Thu Nov 12 13:50:02 EST 2015


On Thu, Nov 12, 2015 at 12:40 PM, Joe Kirby <kirby at umbc.edu> wrote:
> We recently turned of Set($UseSQLForACLChecks, 1) for performance reasons.

Sorry. Haven't used that setting yet.

> Are you saying we could have a special config in place that would allow me
> to access our system in non-SSO mode or would I have to cloned the db to
> such an area?

We bypass it via the browser user agent. Here is a snippet from our
apache configs:

    SetEnvIf User-Agent ^KnockKnock let_me_in

    # Allow either Shib-ed users or KnockKnock agents to be able to access the
    # system. KnockKnock agents will still have to authenticate to the local
    # RT login page.
    <Location />
        <RequireAny>
            AuthType shibboleth
            ShibRequireSession on
            Require valid-user

            Require env let_me_in
        </RequireAny>

        Options +ExecCGI
        AddHandler fastcgi-script fcgi
    </Location>

Then to access RT's login page, change your browser's user agent to
"KnockKnock" or whatever string you choose.

-m


More information about the rt-users mailing list