[rt-users] Login persistence

[Flynn, Peter]

I have managed to get authentication using LDAP working OK, but I seem 
to have missed or misunderstood something about persistence.

When I click on Logout, I get logged out and immediately logged back in 
again. I think I can see why this would happen, in the sense that the 
web environment still holds the authenticated token, and presumably RT 
just looks for it and finds it again.

Is there a way to stop this happening? Closing the tab doesn't prevent 
it; closing down the browser does, of course, but most users will not 
want to do that (being required to close a sovereign application simply 
to terminate a session in a tab is not a good practice).

After a logout from an LDAP-authenticated session, it should display 
RT's own login screen. If the user really, really, really wants another 
session with different LDAP credentials (or even a repeat of her own), 
then indeed closing the browser is required, but that's an edge case.

The settings I am using are:

httpd.conf
----------
<VirtualHost *:80>
     ServerAdmin pflynn at ucc.ie
     ServerName foobar.ucc.ie
     ErrorLog logs/foobar.ucc.ie-error_log
     LogLevel debug
     CustomLog logs/foobar.ucc.ie-access_log combined
     AddDefaultCharset UTF-8
     FcgidMaxRequestLen 1073741824
     ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/
     DocumentRoot "/opt/rt4/share/html"
     <Location />
        Order allow,deny
        Allow from all
        Options +ExecCGI
        AddHandler fcgid-script fcgi
     </Location>
     <Directory />
        Order deny,allow
        Deny from All
        AuthType Basic
        AuthBasicProvider file ldap
        AuthBasicAuthoritative  off
        AuthUserFile /var/www/htaccess/foobar
        AuthGroupFile /dev/null
        AuthzLDAPAuthoritative off
        AuthName "Login with your email address and password"
        AuthLDAPURL ldap://aaa.bbb.ccc.ddd:ppp/DC=ad,DC=ucc,DC=ie?mail
        AuthLDAPBindDN "xxxxx"
        AuthLDAPBindPassword 'yyyyy'
        Require valid-user
     </Directory>
</VirtualHost>

RT_SiteConfig.pm (omitting values set at webconfig time)
----------------
# allow web auth to pass login status to RT
Set($WebRemoteUserAuth, 1);
# allow RT to show login screen if web auth failed
Set($WebFallbackToRTLogin, 1);
# allow an hour's inactivity (10 min for testing)
Set($AutoLogoff, 10);
# standard password must be 10 chars min
Set($MinimumPasswordLength, 10);
# use ISO dates
Set($DateTimeFormat, { Format => "ISO", Seconds => 0 });

///Peter
-- 
Peter Flynn | Academic & Collaborative Technologies | University College 
Cork IT Services | ☎ +353 21 490 2609 | ✉ pflynn at ucc.ie | 🌍 www.ucc.ie