-
-
Notifications
You must be signed in to change notification settings - Fork 9
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix failing kerberos authentication #22
Comments
atodorov
added a commit
that referenced
this issue
Mar 21, 2020
Kiwi TCMS (via social_auth_kerberos) will only check tokens during the login process and afterwards rely on the session cookie! Because of this just simulate a call to /login/kerberos/ and if successfull set the session cookie on all subsequent requests. The original behavior of sending the authorization request header is preserved in case someone is using Apache mod_kerb instead of PSA Kerberos backend.
atodorov
added a commit
that referenced
this issue
Mar 21, 2020
Kiwi TCMS (via social_auth_kerberos) will only check tokens during the login process and afterwards rely on the session cookie! Because of this just simulate a call to /login/kerberos/ and if successfull set the session cookie on all subsequent requests. The original behavior of sending the authorization request header is preserved in case someone is using Apache mod_kerb instead of PSA Kerberos backend.
atodorov
added a commit
that referenced
this issue
Mar 22, 2020
Kiwi TCMS (via social_auth_kerberos) will only check tokens during the login process and afterwards rely on the session cookie! Because of this just simulate a call to /login/kerberos/ and if successfull set the session cookie on all subsequent requests. The original behavior of sending the authorization request header is preserved in case someone is using Apache mod_kerb instead of PSA Kerberos backend.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
See https://github.com/kiwitcms/tcms-api/runs/522370036 and
https://stackoverflow.com/questions/58907349
The newly added integration tests reveal that this is failing.
IMO the api client is not actually sending its credentials to the server.
OTOH the server method that gets called also looks suspicious. I fail to see how that method will actually authenticate the client. It is different from what we have in https://github.com/kiwitcms/python-social-auth-kerberos/blob/master/social_auth_kerberos/backend.py. I think the server side method should be calling .authenticate() for each backend and the kerberos one being on top should authenticate the user and return.
The text was updated successfully, but these errors were encountered: