Auto Registration with Lazy Authentication #10
Comments
Hi, yes, the registration form would submit the user back to the main page, where the remote_user is lost. You somehow need to trick apache to provide REMOTE_USER when the browser provides the username/password, but do not explicitly require them when browsing outside /httpauth-. If I remember well from my good old apache days, you can use the combination of Satisfy statements to achieve this behavior:
Hi, thanks for your reply. You are right, basically apache can be tricked to provide REMOTE_USER at the right moment.
Then it works. But in my case I want to use another module to look up and authenticate users, like pam. That means, as there is no users file, that I also must use AuthBasicAuthoritative:
And that again seems to break things. As we are now in the world of apache modules I will have a look into this a bit more. Maybe there is another way to use PAM. But apart from that I tried to redirect users after self-registering to httpauth-login, replacing redirect_to home_url in app/controllers/registration_controller.rb:18 with redirect_to '/httpauth-login' and also with 'https://foobar.org/httpauth-login'. But it has no effect. That surely is because I am absolutely not familiar with Ruby on Rails. Would it be possible to give that strategy a try, or am I totally wrong with this idea?
Hi, this is getting really complex now. Also the current httpauth module
Regarding the registration_controller change, it seems fine, but I can't comment on the PAM scenario, because I'm not that familiar
Adam
Hello mcbulba, Could you help please? Could you describe the environment you use? I'd like to know because lazy authentication doesn't work for me with the following configuration:
Regards,
Hi
First of all: thanks for this plugin.
But I have an issue with lazy authentication and auto registration. I want the redmine site to be available without bothering "external" people (who cannot authenticate via HTTP-auth). On the other hand, people who can do HTTP authentication should be asked for their credentials using mod_auth_basic when visiting /httpauth-login.
So I set up two location directives in apache2:
By doing so I can activate lazy authentication and after being redirected from /httpauth-login to /login people are still logged into redmine.
However, if someone does not have a redmine account yet, he will not be logged in but sent to /httpauth-selfregister which is still OK due to the wildcard in my Location directive. REMOTE_USER is still set at this point. But after clicking on "Submit" he will find himself on / with an error saying "Username is not provided".
Did I do something too complicated and is there another way to achieve the wanted behavior with apache and mod_auth_basic? Otherwise I would suggest to not redirect to / until the session really started and lazy authentication can be applied. Either by starting the session right after creating the new account and then redirecting to home_url like it is done now, or by inserting a redirect to httpauth-login after creating the account.
The latter way would, as far as I understood things, retry to log in using HTTP authentication (REMOTE_USER is still set) and succeed because now the account exists.