Re: [rt-users] RT-Authen-ExternalAuth-0.09 a bit too eager?

2011-12-16 Thread Iulian Dragan 
Thank you Kevin, I got rid of those parameters and everything is now fine.

Best regards,
Iulian 
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012

Re: [rt-users] RT-Authen-ExternalAuth-0.09 a bit too eager?

2011-12-15 Thread Kevin Falcone 
On Thu, Dec 15, 2011 at 06:18:04AM -0800, Iulian Dragan wrote:
Hello,
I am upgrading from 3.8.7 (apache2 + mod_perl) to 4.0.4 (apache2 + 
 mod_fastcgi) and I notice a
strange behaviour of RT-Authen-ExternalAuth -0.09.
The authentication works fine, however, the login page gets redirected 
 straight away here:
http://rt.address.com/NoAuth/Login.html?next=xxresults=xxx
With the error message: You are not an authorized user.
That is, this is what I see instead of the normal login page.
This is what the log says:
[Thu Dec 15 13:20:08 2011] [debug]: Attempting to use external auth 
 service: AD

 (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Thu Dec 15 13:20:08 2011] [debug]: SSO Failed and no user to test with. 
 Nexting

 (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Thu Dec 15 13:20:08 2011] [debug]: Autohandler called ExternalAuth. 
 Response: (0, No User)
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10)
[Thu Dec 15 13:20:08 2011] [debug]: Attempting to use external auth 
 service: AD

 (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Thu Dec 15 13:20:08 2011] [debug]: SSO Failed and no user to test with. 
 Nexting

 (/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Thu Dec 15 13:20:08 2011] [debug]: Autohandler called ExternalAuth. 
 Response: (0, No User)
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10)
Is this to be expected? Or am I missing something? Because in the old 
 version there was no
redirection and no error messages.

RT4 redirects on login attempt (to the login form) and those are the
debug messages you get with RT-Authen-ExternalAuth.

Set($WebExternalAuth , '1');
Set($WebFallbackToInternalAuth , '1');
Set($WebExternalAuto , '1');

I'm not sure why you have those set since you aren't doing any Apache
authentication.

The message you quote only comes about if you have 
WebExteralAuth turned on and either have WebExternalOnly set or have
WebExternalFallbackToInternalAuth set and have a session that's
invalid.


Try turning off the options you're not using

-kevin

Set($ExternalAuthPriority,  [   'AD'   ]);
Set($ExternalInfoPriority,  [   'AD'   ]);
Set($AutoCreateNonExternalUsers,1);
Set($ExternalSettings,  { 'AD'   =  {
'type'  =  'ldap',
...
}
});


pgpLzbtAoHGOk.pgp
Description: PGP signature

RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston — March 5  6, 2012