[Rt-devel] Patch to allow alternate REMOTE_USER variable for WebExternalAuth.

Jason A. Smith smithj4 at bnl.gov
Thu Sep 24 19:43:02 EDT 2009


On Thu, 2009-09-24 at 17:37 -0400, Jesse Vincent wrote:
> It's our intent that sites override WebCanonicalizeInfo locally (to do
> something like what you have done). Because of that, I'm not sure it
> makes a lot of sense to clutter that sub with options.

Hi Jesse,

Ok, I understand, although it is much easier for a sysadmin to modify a
config setting than create their own Mason file to override an internal
RT function.  Also, consider the fact that single sign-on systems
outside of apache (which therefore can't use REMOTE_USER) are becoming
more popular, maybe it would be worth it to add an additional config
option.  There may be more people in the future who encounter the same
problem I did when trying to put RT behind their local SSO, and wonder
how to get RT to read the username.  Either way, I now know how to fix
it for us now.

Thanks,
~Jason

> On Thu, Sep 24, 2009 at 03:08:09PM -0400, Jason A. Smith wrote:
> > We are are testing WebAuth with RT and for it to work with
> > WebExternalAuth, I needed to have RT look for a variable name different
> > than the default REMOTE_USER.  Since Apache reserves REMOTE_USER for its
> > own purposes, WebAuth cannot use that variable.  So, we have our WebAuth
> > server set a different variable which contains the user's login name.
> > The attached patch adds an additional config variable and changes the
> > WebCanonicalizeInfo function to return the value of that variable, if
> > specified, or the default REMOTE_USER if not set.
> > 
> > I tested this with our WebAuth server and rt-3.8.5.
> > 
> > ~Jason

-- 
/------------------------------------------------------------------\
|  Jason A. Smith                          Email:  smithj4 at bnl.gov |
|  Atlas Computing Facility, Bldg. 510M    Phone: +1-631-344-4226  |
|  Brookhaven National Lab, P.O. Box 5000  Fax:   +1-631-344-7616  |
|  Upton, NY 11973-5000,  U.S.A.                                   |
\------------------------------------------------------------------/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3906 bytes
Desc: not available
Url : http://lists.bestpractical.com/pipermail/rt-devel/attachments/20090924/287d298a/attachment-0001.bin 


More information about the Rt-devel mailing list