Incorporate optional Single-Sign-On functionality
|Reported by:||hasienda||Owned by:||hasienda|
|Cc:||boftx@…, macjoost@…, otaku42, rjollos, ebray||Trac Release:||0.11|
A configurable authentication cookie path has been the pre-requisite to share authentication cookies between several Trac environments on a single host. I call it "cheap" Single-Sign-On, because IMHO it's not as mature as true SSO solutions based on a dedicated authentication backend like Kerberos.
[trac] auth_cookie_path = /var/www/trac
Until now SharedCookieAuthPlugin has been the only Trac plugin to provide some "magic glue" for utilizing this option. I tested it and had the same issue as some other users. According to my half-educated code studies, this is bound to fail at least in any recent Trac due to the way, Trac core is handling authentication cookies internally (see my comment to #5566 for details).
Sadly the author has been unable to reproduce the issue and later explicitly dropped maintenance for all his plugins. 2 1/2 years have been gone so far without a bug-fix, not to mention an improved plugin version for Trac >= 0.12 without the monkey-patching of auth.LoginModule done in that plugin. Btw, AcctMgr monkey-patches auth.LoginModule too, and this may even contribute to the failure, at least in my case, but I've not done any closer investigation into this.
Nevertheless I'm eager to get a working solution, and after some work to resolve cookie-related AcctMgr issues I dropped SharedCookieAuthPlugin and made an attempted inside this plugin. Figure, that by the time we get this into a decent matured state, a decision could still be made on how to proceed with SharedCookieAuthPlugin.
Change History (10)
comment:8 Changed 22 months ago by hasienda
- Resolution set to fixed
- Status changed from assigned to closed