I agree that it's strange to need the remote-auth-user plugin, and I originally thought login would work without it -- but I couldn't get it to work before (it's the first thing I tried!) -- and I still can't.
I did the following: 1) disabled remote-user-auth.* component in trac.ini 2) in trac.conf, set Location /trac/login as you specified Result: trac home page is OK. When I visit /trac/login, I get redirected to the Siteminder login page, and after I login, back to my site (/trac/login again), at which point I get an Apache "Internal Server Error": [Thu Aug 06 22:40:32 2015] [crit] [client 192.168.10.10] configuration error: couldn't perform authentication. AuthType not set!: /trac/login, referer: https://siteminder-server/auth/redirect.aspx?authtype=ldap20&target=https://192.168.10.10/trac/login This is expected, as according to the Apache docs <http://httpd.apache.org/docs/2.2/mod/core.html#require>, "Require must be accompanied by AuthName <http://httpd.apache.org/docs/2.2/mod/core.html#authname> and AuthType <http://httpd.apache.org/docs/2.2/mod/core.html#authtype> directives" None of the AuthTypes available make sense. And AFAICT Siteminder doesn't provide an AuthType itself. Just to confirm -- if I remove the "Location" settings from trac.conf, and alias /trac/login to my outputvars.php script (in trac.conf): ScriptAlias /trac/login "/data/www/cgi-bin-trac/outputvars.php" I can see that after the Siteminder login, REMOTE_USER is in fact set in the header. I just don't know how to configure Trac to use it! The proxy config on TracStandalone is the only example I could find. On Thursday, August 6, 2015 at 10:10:21 PM UTC-4, RjOllos wrote: > > On Thursday, August 6, 2015 at 3:22:19 PM UTC-7, Robert Jacobson wrote: >> >> >> It's been that way the whole time. >> > > I think you probably don't need or want to use remote-user-auth.py, the > plugin for "authentication behind a proxy". The solution seems to be useful > for the case when Trac is running in a different process and the Apache > environment is not available to Trac. > > In your case Trac is running in Apache and the REMOTE_USER variable is > available in the environment. This is the variable that the LoginModule > uses for login, so you are probably better off disabling > remote-user-auth.py. > > Based on what I understand about Apache configuration, the key here seems > to be figuring out how to set the Location block. Normally the > authentication method (1) goes in the block, but I don't understand how > this will work with SiteMinder. > > Would the following make any sense, after disabling remote-user-auth.py? > > <Location "/trac/login"> > Require valid-user > </Location> > > Maybe we are approaching this wrong though. In the configuration guide for > MoinMoin they implement redirects (2). > > (1) http://trac.edgewall.org/wiki/TracModWSGI#UsingBasicAuthentication > (2) https://moinmo.in/AuthMarket/SiteminderAuthentication > -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
