[rt-users] RT and SSO with SAML

Thomas Sibley trs at bestpractical.com
Tue Jun 18 14:47:34 EDT 2013

On 06/18/2013 05:58 AM, Ruslan Zakirov wrote:
>>     - logout waits 1 second (default), and go back to login page, so I'm
>>     authenticated again. I think I need to change the logout link in the
>>     code?
> Yes. Very specific to setup, so there is no direct solution that works
> for everybody.

There's a "Default" callback in NoAuth/Logout.html which you can use to
modify the URL redirected to.  This lets you have RT redirect to the SSO
endpoint's logout URL.

>>     - SSO is always used and I'd like a way to do a local login (with
>>     root for example which is not in our user directory). I'm not sure
>>     how to do this yet.
> Host second RT as a virtual host on different URL without SSO. Only
> people with passwords in RT's database would be able to use this interface.

Alternatively you can tell Apache to "Satisfy any" and allow some local
users depending on their IP address.  You may or may not be able to
configure mod_mellon to allow optional SSO auth.

More information about the rt-users mailing list