[rt-devel] canonicalising WebExternalAuth

seph seph at commerceflow.com
Tue May 28 23:49:36 EDT 2002

seph <seph at commerceflow.com> writes:

> I just started seriously hacking an RT to use either cert based auth,
> or password auth. (via WebExternalAuth and apache) In doing so, I
> discovered a couple things that bring me to needing a new feature in rt.
> I've included my patch, though I'm ashamed to admit it's untested. 

I've now tested that patch, and it appears to work fine.

I've also just completed stuff that does auto user creation. I took
inspiration from 2.1.13's new autohandler, but since every site's
going to have a different external data source, I moved stuff to the
config. I've even gone and tested this one. :)

I've attached code snippets and not a patch, since it's short, and my
code is already patched. If you're using 2.0.13, the autohandler code
goes around line 21. (that's WebRT/html/autohandler, or more properly
local/WebRT/html/autohandler if you didn't know)

have fun

-------------- next part --------------
if ($RT::WebExternalAuto and !$session{'CurrentUser'}->Id() ) {
    # Create users on-the-fly with default attributes

    my $UserObj = RT::User->new(RT::CurrentUser->new('root'));

    my ($val, $msg) = $UserObj->Create(
                                       %{ref($RT::AutoCreate) ? $RT::AutoCreate : {}},
                                       Name         => $user,
                                       Gecos        => $user,

    if ($val) {
        # let's get the info to set this user to
        my $newinfo = RT::WebExternalAutoInfo();
        # set the attributes that have been defined.
        foreach ('Name', 'Comments', 'Signature', 'EmailAddress',
                 'PagerEmailAddress', 'FreeformContactInfo',
                 'Organization', 'Disabled', 'Privileged',
                 'RealName', 'NickName', 'Lang', 'EmailEncoding',
                 'WebEncoding', 'ExternalContactInfoId',
                 'ContactInfoSystem', 'ExternalAuthId', 'Gecos',
                 'HomePhone', 'WorkPhone', 'MobilePhone',
                 'PagerPhone', 'Address1', 'Address2', 'City',
                 'State', 'Zip', 'Country') {

            my $method = "Set$_";
            $UserObj->$method($newinfo->{$_}) if( defined $newinfo->{$_} );
        #$UserObj->SetComments($n_comments) if defined $n_comments;
    else {
        delete $session{'CurrentUser'};
        $m->comp('/Elements/Login', %ARGS, Error=> "Cannot create user: $msg");

-------------- next part --------------

-------------- next part --------------
# define this if you want to auto create web users
$WebExternalAuto = 1;

# if you're auto creating users, they get their info from this function
# it should be returning an array with various User attributes.
sub WebExternalAutoInfo {
    my %info;

    # we have a cert. Let's get our info from there
    $info{'Comments'} = "automaticly created from info presented by cert";

    if( defined $ENV{'SSL_CLIENT_S_DN_Email'}
        && $ENV{'SSL_CLIENT_S_DN_Email'} =~ /(.*)@(.*)/ ) {
        $info{'EmailAddress'}= $ENV{'SSL_CLIENT_S_DN_Email'};
    if( defined $ENV{'SSL_CLIENT_S_DN_CN'} ) {
        $info{'RealName'} = $ENV{'SSL_CLIENT_S_DN_CN'};
        $info{'RealName'} =~ s/[\n\t ]+/ /g;

    # we like privledged users
    $info{'Privileged'} = 1;
    # and return the wad of stuff
    return {%info};

More information about the Rt-devel mailing list