<br><font size=2 face="sans-serif">Greetings.</font>
<br>
<br><font size=2 face="sans-serif">I am attempting to get RT to work with
the CA SiteMinder Single Sign-On package. I have siteminder up and
running and it is setting the REMOTE_USER variable, however when I attempt
to use rt (http://myhost/rt) it continues to require a login. My
understanding is that, since I've told it to use webserver login, it should
skip the rt login. Can anybody offer any suggestions as to why it
continues to require a login?</font>
<br>
<br><font size=2 face="sans-serif">Thanks!<br>
</font>
<br><font size=2 face="sans-serif">Here's a list of all the environmental
variables being set by the web server (appropriately expurgated):</font>
<br>
<br><font size=6><b>Environment</b></font>
<table width=100%>
<tr>
<td width=29%><font size=3>DOCUMENT_ROOT</font>
<td width=70%><font size=3>/export/html</font>
<tr>
<td><font size=3>GATEWAY_INTERFACE</font>
<td><font size=3>CGI/1.1</font>
<tr>
<td><font size=3>HTTPS</font>
<td><font size=3>on</font>
<tr>
<td><font size=3>HTTP_ACCEPT</font>
<td><font size=3>text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5</font>
<tr>
<td><font size=3>HTTP_ACCEPT_CHARSET</font>
<td><font size=3>ISO-8859-1,utf-8;q=0.7,*;q=0.7</font>
<tr>
<td><font size=3>HTTP_ACCEPT_ENCODING</font>
<td><font size=3>gzip,deflate</font>
<tr>
<td><font size=3>HTTP_ACCEPT_LANGUAGE</font>
<td><font size=3>en-us,en;q=0.5</font>
<tr>
<td><font size=3>HTTP_CONNECTION</font>
<td><font size=3>keep-alive</font>
<tr>
<td><font size=3>HTTP_COOKIE</font>
<td><font size=3>SMSESSION=foo;</font>
<br><font size=3>RT_SID_foo.bar.com.443=e045e95272ae23da68e02d1132feed89</font>
<tr>
<td><font size=3>HTTP_HOST</font>
<td><font size=3>foo.bar.com</font>
<tr>
<td><font size=3>HTTP_KEEP_ALIVE</font>
<td><font size=3>300</font>
<tr>
<td><font size=3>HTTP_SM_AUTHDIRNAME</font>
<td><font size=3>XXXX</font>
<tr>
<td><font size=3>HTTP_SM_AUTHDIRNAMESPACE</font>
<td><font size=3>XXXX:</font>
<tr>
<td><font size=3>HTTP_SM_AUTHDIROID</font>
<td><font size=3>XXXX</font>
<tr>
<td><font size=3>HTTP_SM_AUTHDIRSERVER</font>
<td><font size=3>XXXX</font>
<tr>
<td><font size=3>HTTP_SM_AUTHENTIC</font>
<td><font size=3>YES</font>
<tr>
<td><font size=3>HTTP_SM_AUTHORIZED</font>
<td><font size=3>YES</font>
<tr>
<td><font size=3>HTTP_SM_AUTHREASON</font>
<td><font size=3>0</font>
<tr>
<td><font size=3>HTTP_SM_AUTHTYPE</font>
<td><font size=3>Form</font>
<tr>
<td><font size=3>HTTP_SM_REALM</font>
<td><font size=3>foo root</font>
<tr>
<td><font size=3>HTTP_SM_REALMOID</font>
<td><font size=3>XXXXX</font>
<tr>
<td><font size=3>HTTP_SM_SDOMAIN</font>
<td><font size=3>.bar.com</font>
<tr>
<td><font size=3>HTTP_SM_SERVERIDENTITYSPEC</font>
<td>
<tr>
<td><font size=3>HTTP_SM_SERVERSESSIONID</font>
<td><font size=3>foobar</font>
<tr>
<td><font size=3>HTTP_SM_SERVERSESSIONSPEC</font>
<td><font size=3>foobar</font>
<tr>
<td><font size=3>HTTP_SM_SESSIONDRIFT</font>
<td><font size=3>-1</font>
<tr>
<td><font size=3>HTTP_SM_TIMETOEXPIRE</font>
<td><font size=3>7193</font>
<tr>
<td><font size=3>HTTP_SM_TRANSACTIONID</font>
<td><font size=3>foobar</font>
<tr>
<td><font size=3>HTTP_SM_USER</font>
<td><font size=3>jpnarkinsky</font>
<tr>
<td><font size=3>HTTP_SM_USERDN</font>
<td><font size=3>corpid=002006779, ou=vzcore,o=corp</font>
<tr>
<td><font size=3>HTTP_USER_AGENT</font>
<td><font size=3>Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11)
Gecko/20071127 Firefox/2.0.0.11</font>
<tr>
<td><font size=3>PATH</font>
<td><font size=3>/bin:/usr/bin</font>
<tr>
<td><font size=3>QUERY_STRING</font>
<td>
<tr>
<td><font size=3>REMOTE_ADDR</font>
<td><font size=3>111.222.333.444</font>
<tr>
<td><font size=3>REMOTE_PORT</font>
<td><font size=3>4380</font>
<tr>
<td><font size=3>REMOTE_USER</font>
<td><font size=3>jpnarkinsky</font>
<tr>
<td><font size=3>REQUEST_METHOD</font>
<td><font size=3>GET</font>
<tr>
<td><font size=3>REQUEST_URI</font>
<td><font size=3>/ar/test.pl</font>
<tr>
<td><font size=3>SCRIPT_FILENAME</font>
<td><font size=3>/export/html/ar/test.pl</font>
<tr>
<td><font size=3>SCRIPT_NAME</font>
<td><font size=3>/ar/test.pl</font>
<tr>
<td><font size=3>SERVER_ADDR</font>
<td><font size=3>111.222.333.444</font>
<tr>
<td><font size=3>SERVER_ADMIN</font>
<td><font size=3>webmaster@localhost</font>
<tr>
<td><font size=3>SERVER_NAME</font>
<td><font size=3>foo.bar.com</font>
<tr>
<td><font size=3>SERVER_PORT</font>
<td><font size=3>443</font>
<tr>
<td><font size=3>SERVER_PROTOCOL</font>
<td><font size=3>HTTP/1.1</font>
<tr>
<td><font size=3>SERVER_SIGNATURE</font>
<td><font size=3><i>Apache/1.3.34 Server at foo.bar.com Port 443</i></font>
<tr>
<td><font size=3>SERVER_SOFTWARE</font>
<td><font size=3>Apache/1.3.34 (Ubuntu) mod_ssl/2.8.25 OpenSSL/0.9.8a mod_perl/1.29</font></table>
<br>
<br><font size=2 face="sans-serif">My RT_SiteConfig.pm:</font>
<br>
<br><font size=2 face="sans-serif"># RT_SiteConfig.pm</font>
<br><font size=2 face="sans-serif">#</font>
<br><font size=2 face="sans-serif"># These are the bits you absolutely
*must* edit.</font>
<br><font size=2 face="sans-serif">#</font>
<br><font size=2 face="sans-serif"># To find out how, please read</font>
<br><font size=2 face="sans-serif"># /usr/share/doc/request-tracker3.4/INSTALL.Debian</font>
<br>
<br><font size=2 face="sans-serif"># THE BASICS:</font>
<br>
<br><font size=2 face="sans-serif">Set($rtname, 'foo.bar.com');</font>
<br><font size=2 face="sans-serif">Set($Organization, 'foo.bar.com');</font>
<br>
<br><font size=2 face="sans-serif">Set($CorrespondAddress , 'foo-rt@bar.com');</font>
<br><font size=2 face="sans-serif">Set($CommentAddress , 'foo-rt-comment@my.domain.com');</font>
<br>
<br><font size=2 face="sans-serif">Set($Timezone , 'Europe/London'); #
obviously choose what suits you</font>
<br>
<br><font size=2 face="sans-serif"># THE DATABASE:</font>
<br>
<br><font size=2 face="sans-serif">Set($DatabaseType, 'mysql'); # e.g.
Pg or mysql</font>
<br>
<br><font size=2 face="sans-serif"># These are the settings we used above
when creating the RT database,</font>
<br><font size=2 face="sans-serif"># you MUST set these to what you chose
in the section above.</font>
<br>
<br><font size=2 face="sans-serif">Set($DatabaseUser , 'foo');</font>
<br><font size=2 face="sans-serif">Set($DatabasePassword , 'foobar');</font>
<br><font size=2 face="sans-serif">Set($DatabaseName , 'bar');</font>
<br>
<br><font size=2 face="sans-serif"># THE WEBSERVER:</font>
<br>
<br><font size=2 face="sans-serif">Set($WebPath , "/rt");</font>
<br><font size=2 face="sans-serif">Set($WebBaseURL , "http://foo.bar.com");</font>
<br>
<br><font size=2 face="sans-serif"># Cause RT to use external authorization
(i.e. siteminder)</font>
<br><font size=2 face="sans-serif">Set($WebExternalAuth , 1);</font>
<br>
<br><font size=2 face="sans-serif">Set($WebFallbackToInternalAuth , undef);</font>
<br>
<br><font size=2 face="sans-serif">Set($WebExternalAuto , 1);</font>
<br><font size=2 face="sans-serif">1;</font>
<br>
<br><font size=2 face="sans-serif">Patrick Narkinsky<br>
Sr. Solaris Systems Administrator<br>
Verizon<br>
540.597.8483<br>
patrick.narkinsky@verizon.com</font>