On Thu, Aug 6, 2015 at 8:30 AM, Robert Jacobson <[email protected]> wrote: > > If I use that Location parameter: > 1) With remote-user-auth.py disabled: > - login never results in an actual login > 2) With remote-user-auth.py enabled: > - trac header says "logged in as (null) " > > We reconfigured SiteMinder to "protect" (i.e. require redirect to login) from > "/trac/login" to "/trac", and seems to "work"; i.e. I can now login and stay > logged in. However: > - Simply visiting /trac automatically redirects to the SiteMinder login > page. I don't really want this; I'd rather people only have to login if they > want to edit something in Trac (i.e. I want them to have to click the "Login" > link first) > - visiting /trac/login results in a "Authentication information not > available" error from Trac. (but I am, in fact, logged in)
REMOTE_USER variable is NOT a HTTP header, so that RequestHeader directive doesn't work for setting REMOTE_USER variable. Instead, try to set REMOTE_USER with username on SM_USER in trac.wsgi: refs http://trac.edgewall.org/wiki/TracModWSGI#GettingTractoworknicelywithSSPIandRequireGroup. ==== ... def application(environ, start_request): # Set authenticated username on CA SiteMinder to REMOTE_USER variable if 'SM_USER' in environ: environ['REMOTE_USER'] = environ['SM_USER'] if not 'trac.env_parent_dir' in environ: environ.setdefault('trac.env_path', '/data/www/html/trac/testproject') ... === -- Jun Omae <[email protected]> (大前 潤) -- You received this message because you are subscribed to the Google Groups "Trac Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/trac-users. For more options, visit https://groups.google.com/d/optout.
