[rt-users] RT and SSO with SAML

L B bertignac at gmail.com
Tue Jun 18 08:38:03 EDT 2013


The goal here is to have SSO on RT between a local user directory (AD) and
an RT instance installed in the amazon cloud.

I've setup mod_mellon ( https://code.google.com/p/modmellon/ ) with RT as a
relying party on AWS  and it works well, I'm able to log in with SSO (IdP
used on premise is ADFS).

I just had to configure RT with:
Set($WebExternalAuth , 1);
Set($WebFallbackToInternalAuth , 1);
Set($WebExternalAuto , 1);

so it uses the REMOTE_USER variable to login.

I have three problems now:
- populating users info:
 I think I can get some environment variables out of the SAML token with
mod_mellon configuration like this:

 MellonSetEnv "e-mail" "mail"

 But then I don't know how to populate this into RT.

- logout waits 1 second (default), and go back to login page, so I'm
authenticated again. I think I need to change the logout link in the code?

- SSO is always used and I'd like a way to do a local login (with root for
example which is not in our user directory). I'm not sure how to do this

Has anyone played with this and went further than I did?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130618/f8a31662/attachment.htm>

More information about the rt-users mailing list