[rt-users] login via html-form (username/password) and WebExternalAuth side-by-side

Luca Mazzaferro luca.mazzaferro at rzg.mpg.de
Wed Nov 12 07:00:03 EST 2014


On 11/11/2014 08:19 PM, Kevin Falcone wrote:
> On Tue, Nov 11, 2014 at 12:45:41PM +0100, Luca Mazzaferro wrote:
>> I want to give my users the possibility to login to rt through an
>> SSO-mechanism (here: kerberos).
>> It works fine if I require a Kerberos -ticket in through apache2.
>> However, I would like to either have the people type their username /
>> password in the HTML-Login form
>> or click a button to login with the Kerberos ticket.
> I'd suggest either two Virtual Hosts, one which does the kerberos
> tickets, or one domain using Satisfy so that people without kerberos
> tickets drop through to RT's login.
>
> Have you reviewed
> http://bestpractical.com/docs/rt/latest/authentication
> Your technique of copying and fiddling with Login.html seems much more
> complicated that it's needed to be for anyone that we've set this up
> for before.  Most of the time folks just have a button on the normal
> login page that runs them off to the shib or kerb auth points and then
> back again and then RT notices you have REMOTE_USER and you're good to
> go.
>
> -kevin
Hi Kevin,
thank you very much for your suggestions.
Unfortunately here I have some firewall restrictions
so 2 Virtual hosts could be difficult.
I will try to read

http://bestpractical.com/docs/rt/latest/authentication

Thank you again

Luca



More information about the rt-users mailing list