[rt-users] RT::Authen::ExternalAuth SSO config.. tips please..

Michelle Sullivan michelle at sorbs.net
Mon Aug 26 10:00:04 EDT 2013

Hi All,

I'm moving from RT3.6 -> RT4.0.17 and have decided to try going with
RT::Authen::ExternalAuth instead of an OverRide I wrote previously.

My system sets a cookie for all visitors, which is just a session ID (no
other information in the cookie - for security .. this is then linked to
the actual user information using Apache::Session to do the dirty work)

Inside the cookie retrieved information there is the Username, Email
addresses (multiple possible), Real Name, RT ID (single at the moment,
but will be multiple in the near future) and a load of other information
(address etc.)

Currently when someone logs in to the main site and updates their
preferences it updates the preferences in the RT user database.

Inside the retrieved information there is an 'auth' parameter which
contains the current state of the login and it's timeout.

My thoughts is for any un-authenticated user to be re-directed to my
main login page, get the new authenticated cookie, and be re-directed
back to the RT system.  The RT system will then load the user
information from the DB retrieved by the cookie ID.. and allow access in
that method.

Is this possible with RT::Authen::ExternalAuth ?

If so is it possible for it to update the timeout as necessary (so the
login doesn't idle out)?

If all of the above... any Docs/Examples on it?

(I have modules that can do this as well - but need to know what calls
what and what is expected in the return)

Glancing at the code, it suggests that it is not possible without
extensive work... can anyone confirm or deny?


Michelle Sullivan

More information about the rt-users mailing list