-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exceptions for some users #13
Comments
Hi Stanislav, the exception list is a good idea! If I can finally spend some time working on this project, I'll definitely implement it! You can always log in with local accounts / passwords, so the configuration is not needed in the second use case of yours. cheers, |
Hi Adam, Thanks for the quick reply!
Have a nice day, |
When I try to login as admin I get an error 500 and that in logs: Processing WelcomeController#index (for 10.133.27.68 at 2012-03-11 09:54:36) [GET] Processing WelcomeController#index (for 10.133.27.68 at 2012-03-11 10:00:19) [GET] Processing WelcomeController#index (for 10.133.27.68 at 2012-03-11 10:04:53) [GET] Processing AccountController#login (for 10.133.27.68 at 2012-03-11 10:04:56) [GET] Processing AccountController#login (for 10.133.27.68 at 2012-03-11 10:05:02) [POST] NoMethodError (undefined method Rendering /opt/redmine/redmine-1.2/public/500.html (500 Internal Server Error) |
Adam, Could you tell me what "Sign in via HTTP-Auth" exactly means? I thought it was going to work as:
Stas |
Hi, unfortunately I can't help with the exception, it seems that it happens somewhere in the redmine core. The "Sign in via HTTP-Auth" link points to a new abstract URL, and only works well, if the HTTP authentication method handles lazy / location specific authentication enforcement. That is, forcing authentication on one URL, but providing REMOTE_USER on all URLs, if it's present in the request. So the user does not need to authenticate themself until they actually reach the special URL, but then every subsequent request is authenticated, regardless of the location. I'm not sure if the Kerberos method provides this behavior, it is intended to be used with more complex SSO solutions, like Shibboleth. |
Adam, Do you mean I can try to authenticate users on http://redminehost/httpauth-login instead of http://redminehost ? Stas |
Yes, I think I've got it. It won't help with the security question but will probably help with unsing unternal authentication! Thanks a lot! |
Hello Adam, I've tried to make it work but didn't manage. This configuration authenticates me on http://redminehost/httpauth-login but using URLs outside http://redminehost/httpauth-login makes me unauthenticated again. Could you give me any hints how I can fix it?
Regards, |
Hello Adam,
First thank you for the plugin. This is only one I managed to find to use for Kerberos authenticaion.
As I use it for Kerberos I'd like also to have some exceptions, for exaple, for admin user or for people who don't have an account in LDAP/AD.
Regards,
Stanislav
The text was updated successfully, but these errors were encountered: