On 11/11/2014 08:19 PM, Kevin Falcone wrote:
On Tue, Nov 11, 2014 at 12:45:41PM +0100, Luca Mazzaferro wrote:
I want to give my users the possibility to login to rt through an
SSO-mechanism (here: kerberos).
It works fine if I require a Kerberos -ticket in through apache2.
However, I would like to either have the people type their username /
password in the HTML-Login form
or click a button to login with the Kerberos ticket.
I'd suggest either two Virtual Hosts, one which does the kerberos
tickets, or one domain using Satisfy so that people without kerberos
tickets drop through to RT's login.
Have you reviewed
http://bestpractical.com/docs/rt/latest/authentication
Your technique of copying and fiddling with Login.html seems much more
complicated that it's needed to be for anyone that we've set this up
for before. Most of the time folks just have a button on the normal
login page that runs them off to the shib or kerb auth points and then
back again and then RT notices you have REMOTE_USER and you're good to
go.
-kevin
Hi Kevin,
thank you very much for your suggestions.
Unfortunately here I have some firewall restrictions
so 2 Virtual hosts could be difficult.
I will try to read
http://bestpractical.com/docs/rt/latest/authentication
Thank you again
Luca
