Fix failing kerberos authentication #22

Closed
atodorov opened this issue Mar 20, 2020 · 0 comments
Comments

@atodorov
Member

See https://github.com/kiwitcms/tcms-api/runs/522370036 and
https://stackoverflow.com/questions/58907349

The newly added integration tests reveal that this is failing.

IMO the api client is not actually sending its credentials to the server.

OTOH the server method that gets called also looks suspicious. I fail to see how that method will actually authenticate the client. It is different from what we have in https://github.com/kiwitcms/python-social-auth-kerberos/blob/master/social_auth_kerberos/backend.py. I think the server side method should be calling .authenticate() for each backend and the kerberos one being on top should authenticate the user and return.

atodorov added a commit that referenced this issue Mar 21, 2020
Kiwi TCMS (via social_auth_kerberos) will only check tokens during
the login process and afterwards rely on the session cookie!

Because of this just simulate a call to /login/kerberos/ and if
successful set the session cookie on all subsequent requests.

The original behavior of sending the authorization request header
is preserved in case someone is using Apache mod_kerb instead of
PSA Kerberos backend.
atodorov added a commit that referenced this issue Mar 22, 2020
Kiwi TCMS (via social_auth_kerberos) will only check tokens during
the login process and afterwards rely on the session cookie!

Because of this just simulate a call to /login/kerberos/ and if
successful set the session cookie on all subsequent requests.

The original behavior of sending the authorization request header
is preserved in case someone is using Apache mod_kerb instead of
PSA Kerberos backend.
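
The login-once-then-cookie flow described in the commit message above, as an added example that is not code from tcms-api or Kiwi TCMS. The `MockServer` class, the `/rpc/` path, the `sessionid` cookie name and the token value are assumptions constructed for the demo; a real client would obtain its SPNEGO token through GSSAPI.

```python
import base64, secrets, threading, urllib.error, urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for a SPNEGO token; a real client obtains one via GSSAPI.
TOKEN = base64.b64encode(b"constructed-spnego-token").decode()
SESSIONS = set()

class MockServer(BaseHTTPRequestHandler):
    """Hypothetical server: verifies the token only on /login/kerberos/."""
    def log_message(self, *args):
        pass
    def reply(self, code, header=None):
        self.send_response(code)
        if header:
            self.send_header(*header)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_GET(self):
        if self.path == "/login/kerberos/":
            if self.headers.get("Authorization") != "Negotiate " + TOKEN:
                return self.reply(401, ("WWW-Authenticate", "Negotiate"))
            sid = secrets.token_hex(16)
            SESSIONS.add(sid)
            return self.reply(200, ("Set-Cookie", f"sessionid={sid}; HttpOnly; Path=/"))
        # Any other path ignores Authorization and trusts only the session cookie.
        sid = self.headers.get("Cookie", "").partition("sessionid=")[2].split(";")[0]
        self.reply(200 if sid in SESSIONS else 403)

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), MockServer)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{server.server_port}"
    # One opener = one cookie jar, so the login cookie rides on later requests.
    opener = urllib.request.build_opener(
        urllib.request.ProxyHandler({}), urllib.request.HTTPCookieProcessor(CookieJar()))
    def status(path, token=None):
        headers = {"Authorization": "Negotiate " + token} if token else {}
        try:
            with opener.open(urllib.request.Request(base + path, headers=headers)) as resp:
                return resp.status
        except urllib.error.HTTPError as err:
            return err.code
    steps = [status("/rpc/", TOKEN),             # token on a non-login call: rejected
             status("/login/kerberos/", TOKEN),  # token checked once, cookie issued
             status("/rpc/")]                    # cookie alone now authenticates
    server.shutdown()
    return steps
```

Because the session cookie is the only credential after login, it needs the same protection as the ticket itself: send it over TLS only and keep it out of logs.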