[rt-users] Cookie-based auth works, but takes me to login page

John Andersen john at yvig.com
Thu Feb 11 00:23:27 EST 2016


Hi dwdixon,

I wish I could show you a concrete working example.  I had this working
some time ago but abandoned it in favor of straight LDAP when we changed
intranets.

I believe you have it not quite correct when you speak of trying to get the
cookie from the browser to RT.  Actually, it is the server side cookie you
need be concerned about.

The RT::Authen::ExternalAuth::DBI::Cookie provides a configuration for you
to reach into the database of another system to match existing cookies
against users.

Imagine you have, say, a WordPress intranet that is configured to store a
cookie each time a user logs in.  As you probably know, that cookie is kept
for the duration of the session and obviates the need for the user to login
on each subsequent page visit.  If you can configure said intranet (beyond
the scope of the RT documentation unfortunately) to store those cookies
into tables in, say, a MySQL database,
RT::Authen::ExternalAuth::DBI::Cookie can use the same database to lookup
those cookies and match them to a user in RT, thereby allowing the user to
login to RT without a password as well.   You don't need to write the
cookies to RT's database, it will reach into the other database and look at
them.

I know I'm not getting you much further down the path but hopefully just a
bit helpful.

-John

On Wed, Feb 10, 2016 at 2:36 PM, dwdixon <dwdixon at umich.edu> wrote:

>
>
> > *CAVEAT* I've never used this module.
>
> > There is a link at the bottom of the
> > https://metacpan.org/pod/RT::Authen::ExternalAuth::DBI::Cookie docs.
> > I've pasted it below for convenience:
>
> > https://metacpan.org/pod/RT::Authen::ExternalAuth::DBI
>
> Thanks for the quick response- I did see that link and took a look, but I
> was not certain I had to configure all of those details outlined at this
> link you mentioned: https://metacpan.org/pod/RT::Authen::ExternalAuth::DBI
> since I'm only going to be using the "My_SSO_Cookie" ExternalAuth and not
> really directly using the "My_MySQL" external auth other than as a result
> of
> "My_SSO_Cookie" depending on it in at least some capacity it seems.  Hope
> that makes sense...I'm just trying to minimize my config to only use the
> least possible to make "My_SSO_Cookie" work.
>
> > From looking at the configs, I believe something other than RT is
> > giving the browser a cookie and placing that cookie value into a
> > database.
>
> > RT::Authen::ExternalAuth::DBI::Cookie is just the glue between RT and
> > that authenticating service.
>
> Yes, I did understand that much, but as far as I'm aware unless something
> (Maybe "My_MySQL"??) writes these to a (RT's?) database I don't see how I
> would be populating the c_table, c_field, c_match_key otherwise?  My
> external auth service is a SSO solution that sets a cookie in my browser
> and
> I can view that cookie using Chromes Cookie Inspector extension but there
> is
> no "database-like" structure to a/the cookie so I'm a bit confused by the
> parameters sounding like they should be from a database?
>
> Basically, I'm trying to discover the simplest way possible how do I get
> the
> cookie from the browser passed on to RT where RT says
>
> "I've checked the SSO cookie for User1 and User1 is already authenticated"
> "I've now checked the RT database and User1 exists in the RT database"
> "Now that I Know User1 exists I'm presenting his specific User1 RT session
> and dashboard etc. etc."
> "User1 is now fully automatically logged into RT based on his SSO
> authentication service cookie"
>
> Any clarity surrounding how this is done or if anyone does this currently
> and could shed some light on how to do this such as a working example
> config
> or just with more detail than the docs provide would be extremely helpful
> and I would be even more grateful!
>
> Thanks again-
>
>
>
> --
> View this message in context:
> http://requesttracker.8502.n7.nabble.com/Cookie-based-auth-works-but-takes-me-to-login-page-tp56394p61340.html
> Sent from the Request Tracker - User mailing list archive at Nabble.com.
>
> ---------
> RT 4.4 and RTIR Training Sessions (
> http://bestpractical.com/services/training.html)
> * Hamburg Germany  March 14 & 15, 2016
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20160210/ecc68dd2/attachment.htm>


More information about the rt-users mailing list