Re: [Trac] Re: Use REMOTE_USER server variable (via Siteminder Web agent) for login

Sat, 08 Aug 2015 05:17:19 -0700 

On Sat, Aug 8, 2015 at 8:34 PM, Robert Jacobson <[email protected]> wrote:
> I'll make one important note:  Siteminder only sets the REMOTE_USER (and/or
> SM_USER) in the header when you're at a "protected" URL.  In the current
> config, that's only /trac/login.  I'm sure this is happening; see below.
>
> I made the change you suggested, but I still cannot login.  I tried both
> with and without the Location setting for /trac/login:
>
> <Location "/trac/login">
> WSGIPassAuthorization On
> #  RequestHeader set REMOTE_USER %{SM_USER}s
> </Location>
>
> Two things:  I don't think the code you suggested is ever being executed.  I
> added some debug:
>
> import os
> import sys
>
> def application(environ, start_request):
>     print >> sys.stderr, "trac.wsgi: FOOBAR"
>     # Set authenticated username on CA SiteMinder to REMOTE_USER variable
>     if 'SM_USER' in environ:
>         print >> sys.stderr, "trac.wsgi: setting REMOTE_USER to SM_USER"
>         environ['REMOTE_USER'] = environ['SM_USER']
>
> I get "trac.wsgi: FOOBAR" in httpd error_log, but never "trac.wsgi: setting
> REMOTE_USER to SM_USER".

Oh, sorry. I just mistake. Replace SM_USER with HTTP_SM_USER.

def application(environ, start_request):
    # Set authenticated username on CA SiteMinder to REMOTE_USER variable
    if 'HTTP_SM_USER' in environ:
        environ['REMOTE_USER'] = environ['HTTP_SM_USER']
    ...

If the issue is still not solved, please confirm what name in
"environ" is using for username from SiteMinder to dump all of
"environ" when visiting /trac/login like this:

def application(environ, start_request):
    print >>sys.stderr, repr(environ)
    # Set authenticated username on CA SiteMinder to REMOTE_USER variable
    if 'HTTP_SM_USER' in environ:
        environ['REMOTE_USER'] = environ['HTTP_SM_USER']
   ...

-- 
Jun Omae <[email protected]> (大前 潤)

-- 
You received this message because you are subscribed to the Google Groups "Trac 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/trac-users.
For more options, visit https://groups.google.com/d/optout.

Reply via email to