<div dir="ltr">Hi dwdixon,<div><br></div><div>I wish I could show you a concrete working example. I had this working some time ago but abandoned it in favor of straight LDAP when we changed intranets. </div><div><br></div><div>I believe you have it not quite correct when you speak of trying to get the cookie from the browser to RT. Actually, it is the server side cookie you need be concerned about. </div><div><br></div><div>The RT::Authen::ExternalAuth::DBI::Cookie provides a configuration for you to reach into the database of another system to match existing cookies against users. </div><div><br></div><div>Imagine you have, say, a WordPress intranet that is configured to store a cookie each time a user logs in. As you probably know, that cookie is kept for the duration of the session and obviates the need for the user to login on each subsequent page visit. If you can configure said intranet (beyond the scope of the RT documentation unfortunately) to store those cookies into tables in, say, a MySQL database, RT::Authen::ExternalAuth::DBI::Cookie can use the same database to lookup those cookies and match them to a user in RT, thereby allowing the user to login to RT without a password as well. You don't need to write the cookies to RT's database, it will reach into the other database and look at them. </div><div><br></div><div>I know I'm not getting you much further down the path but hopefully just a bit helpful. </div><div><br></div><div>-John</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Feb 10, 2016 at 2:36 PM, dwdixon <span dir="ltr"><<a href="mailto:dwdixon@umich.edu" target="_blank">dwdixon@umich.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class=""><br>
<br>
> *CAVEAT* I've never used this module.<br>
<br>
</span><span class="">> There is a link at the bottom of the<br>
> <a href="https://metacpan.org/pod/RT::Authen::ExternalAuth::DBI::Cookie" rel="noreferrer" target="_blank">https://metacpan.org/pod/RT::Authen::ExternalAuth::DBI::Cookie</a> docs.<br>
> I've pasted it below for convenience:<br>
<br>
> <a href="https://metacpan.org/pod/RT::Authen::ExternalAuth::DBI" rel="noreferrer" target="_blank">https://metacpan.org/pod/RT::Authen::ExternalAuth::DBI</a><br>
<br>
</span>Thanks for the quick response- I did see that link and took a look, but I<br>
was not certain I had to configure all of those details outlined at this<br>
link you mentioned: <a href="https://metacpan.org/pod/RT::Authen::ExternalAuth::DBI" rel="noreferrer" target="_blank">https://metacpan.org/pod/RT::Authen::ExternalAuth::DBI</a><br>
since I'm only going to be using the "My_SSO_Cookie" ExternalAuth and not<br>
really directly using the "My_MySQL" external auth other than as a result of<br>
"My_SSO_Cookie" depending on it in at least some capacity it seems. Hope<br>
that makes sense...I'm just trying to minimize my config to only use the<br>
least possible to make "My_SSO_Cookie" work.<br>
<span class=""><br>
> From looking at the configs, I believe something other than RT is<br>
> giving the browser a cookie and placing that cookie value into a<br>
> database.<br>
<br>
> RT::Authen::ExternalAuth::DBI::Cookie is just the glue between RT and<br>
> that authenticating service.<br>
<br>
</span>Yes, I did understand that much, but as far as I'm aware unless something<br>
(Maybe "My_MySQL"??) writes these to a (RT's?) database I don't see how I<br>
would be populating the c_table, c_field, c_match_key otherwise? My<br>
external auth service is a SSO solution that sets a cookie in my browser and<br>
I can view that cookie using Chromes Cookie Inspector extension but there is<br>
no "database-like" structure to a/the cookie so I'm a bit confused by the<br>
parameters sounding like they should be from a database?<br>
<br>
Basically, I'm trying to discover the simplest way possible how do I get the<br>
cookie from the browser passed on to RT where RT says<br>
<br>
"I've checked the SSO cookie for User1 and User1 is already authenticated"<br>
"I've now checked the RT database and User1 exists in the RT database"<br>
"Now that I Know User1 exists I'm presenting his specific User1 RT session<br>
and dashboard etc. etc."<br>
"User1 is now fully automatically logged into RT based on his SSO<br>
authentication service cookie"<br>
<br>
Any clarity surrounding how this is done or if anyone does this currently<br>
and could shed some light on how to do this such as a working example config<br>
or just with more detail than the docs provide would be extremely helpful<br>
and I would be even more grateful!<br>
<br>
Thanks again-<br>
<br>
<br>
<br>
--<br>
View this message in context: <a href="http://requesttracker.8502.n7.nabble.com/Cookie-based-auth-works-but-takes-me-to-login-page-tp56394p61340.html" rel="noreferrer" target="_blank">http://requesttracker.8502.n7.nabble.com/Cookie-based-auth-works-but-takes-me-to-login-page-tp56394p61340.html</a><br>
<span class="im HOEnZb">Sent from the Request Tracker - User mailing list archive at Nabble.com.<br>
<br>
</span><div class="HOEnZb"><div class="h5">---------<br>
RT 4.4 and RTIR Training Sessions (<a href="http://bestpractical.com/services/training.html" rel="noreferrer" target="_blank">http://bestpractical.com/services/training.html</a>)<br>
* Hamburg Germany March 14 & 15, 2016<br>
</div></div></blockquote></div><br></div>