[rt-users] Option to Emulate another RT user from SuperUser
Matt Zagrabelny
mzagrabe at d.umn.edu
Thu Nov 12 13:50:02 EST 2015
On Thu, Nov 12, 2015 at 12:40 PM, Joe Kirby <kirby at umbc.edu> wrote:
> We recently turned of Set($UseSQLForACLChecks, 1) for performance reasons.
Sorry. Haven't used that setting yet.
> Are you saying we could have a special config in place that would allow me
> to access our system in non-SSO mode or would I have to cloned the db to
> such an area?
We bypass it via the browser user agent. Here is a snippet from our
apache configs:
SetEnvIf User-Agent ^KnockKnock let_me_in
# Allow either Shib-ed users or KnockKnock agents to be able to access the
# system. KnockKnock agents will still have to authenticate to the local
# RT login page.
<Location />
<RequireAny>
AuthType shibboleth
ShibRequireSession on
Require valid-user
Require env let_me_in
</RequireAny>
Options +ExecCGI
AddHandler fastcgi-script fcgi
</Location>
Then to access RT's login page, change your browser's user agent to
"KnockKnock" or whatever string you choose.
-m
More information about the rt-users
mailing list