On Thu, Dec 15, 2011 at 06:18:04AM -0800, Iulian Dragan wrote:
Hello,
I am upgrading from 3.8.7 (apache2 + mod_perl) to 4.0.4 (apache2 +
mod_fastcgi) and I notice a
strange behaviour of RT-Authen-ExternalAuth -0.09.
The authentication works fine, however, the login page gets redirected
straight away here:
http://rt.address.com/NoAuth/Login.html?next=xxresults=xxx
With the error message: You are not an authorized user.
That is, this is what I see instead of the normal login page.
This is what the log says:
[Thu Dec 15 13:20:08 2011] [debug]: Attempting to use external auth
service: AD
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Thu Dec 15 13:20:08 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Thu Dec 15 13:20:08 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10)
[Thu Dec 15 13:20:08 2011] [debug]: Attempting to use external auth
service: AD
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:64)
[Thu Dec 15 13:20:08 2011] [debug]: SSO Failed and no user to test with.
Nexting
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:92)
[Thu Dec 15 13:20:08 2011] [debug]: Autohandler called ExternalAuth.
Response: (0, No User)
(/opt/rt/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:10)
Is this to be expected? Or am I missing something? Because in the old
version there was no
redirection and no error messages.
RT4 redirects on login attempt (to the login form) and those are the
debug messages you get with RT-Authen-ExternalAuth.
Set($WebExternalAuth , '1');
Set($WebFallbackToInternalAuth , '1');
Set($WebExternalAuto , '1');
I'm not sure why you have those set since you aren't doing any Apache
authentication.
The message you quote only comes about if you have
WebExteralAuth turned on and either have WebExternalOnly set or have
WebExternalFallbackToInternalAuth set and have a session that's
invalid.
Try turning off the options you're not using
-kevin
Set($ExternalAuthPriority, [ 'AD' ]);
Set($ExternalInfoPriority, [ 'AD' ]);
Set($AutoCreateNonExternalUsers,1);
Set($ExternalSettings, { 'AD' = {
'type' = 'ldap',
...
}
});
pgpLzbtAoHGOk.pgp
Description: PGP signature
RT Training Sessions (http://bestpractical.com/services/training.html)
* Boston March 5 6, 2012