Re: [rt-users] RT-Authen-ExternalAuth-0.09 a bit too eager?

[Kevin Falcone]

On Thu, Dec 15, 2011 at 06:18:04AM -0800, Iulian Dragan wrote:
>    Hello,
>    I am upgrading from 3.8.7 (apache2 + mod_perl) to 4.0.4 (apache2 + 
> mod_fastcgi) and I notice a
>    strange behaviour of RT-Authen-ExternalAuth -0.09.
>    The authentication works fine, however, the login page gets redirected 
> straight away here:
>    http://rt.address.com/NoAuth/Login.html?next=xxxxxx&results=xxxxxxx
>    With the error message: "You are not an authorized user".
>    That is, this is what I see instead of the normal login page.
>    This is what the log says:
>    [Thu Dec 15 13:20:08 2011] [debug]: Attempting to use external auth 
> service: AD
>    
> (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
>    [Thu Dec 15 13:20:08 2011] [debug]: SSO Failed and no user to test with. 
> Nexting
>    
> (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
>    [Thu Dec 15 13:20:08 2011] [debug]: Autohandler called ExternalAuth. 
> Response: (0, No User)
>    (/opt/rt/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10)
>    [Thu Dec 15 13:20:08 2011] [debug]: Attempting to use external auth 
> service: AD
>    
> (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
>    [Thu Dec 15 13:20:08 2011] [debug]: SSO Failed and no user to test with. 
> Nexting
>    
> (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
>    [Thu Dec 15 13:20:08 2011] [debug]: Autohandler called ExternalAuth. 
> Response: (0, No User)
>    (/opt/rt/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10)
>    Is this to be expected? Or am I missing something? Because in the old 
> version there was no
>    redirection and no error messages.

RT4 redirects on login attempt (to the login form) and those are the
debug messages you get with RT-Authen-ExternalAuth.

>    Set($WebExternalAuth , '1');
>    Set($WebFallbackToInternalAuth , '1');
>    Set($WebExternalAuto , '1');

I'm not sure why you have those set since you aren't doing any Apache
authentication.

The message you quote only comes about if you have 
WebExteralAuth turned on and either have WebExternalOnly set or have
WebExternalFallbackToInternalAuth set and have a session that's
invalid.


Try turning off the options you're not using

-kevin

>    Set($ExternalAuthPriority,  [   'AD'   ]);
>    Set($ExternalInfoPriority,  [   'AD'   ]);
>    Set($AutoCreateNonExternalUsers,    1);
>    Set($ExternalSettings,      { 'AD'       =>  {
>            'type'              =>  'ldap',
>            ...
>        }
>    });

pgpLzbtAoHGOk.pgp
Description: PGP signature

--------
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5 & 6, 2012