Changes between Version 10 and Version 11 of SharedCookieAuthPlugin
- Timestamp:
- May 20, 2015, 4:37:58 PM (9 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
SharedCookieAuthPlugin
v10 v11 1 = Share Trac cookies between projects in the same environment =1 = Share Trac cookies between projects in the same environment 2 2 3 == Description == 3 {{{#!box info 4 **Notice:** This plugin does not necessarily meet coding standards or functions correctly in all use cases. 5 }}} 4 6 5 SharedCookieAuthPlugin allows cookies to be shared between Trac instances in the same environment (i.e. directory). The plugin monkey-patches `trac.web.auth.LoginModule` so that cookies get set at `/` instead of `req.base_path` (See following note). The incoming request is then passed by the `authenticate` method of the `IAuthenticator` interface to projects that peer the project of interest to see if the user is authenticated there. This enables single-sign on for Trac projects in the same directory. 7 == Description 6 8 7 Note1: As per request in [trac:ticket:8486 T#8486] a new configuration option, has been introduced to Trac with changeset [trac:changeset:9226 'T:[9226]'], that accomplished this: 8 {{{ 9 #!cfg 9 This plugin allows cookies to be shared between Trac instances in the same environment, ie directory. The plugin monkey-patches `trac.web.auth.LoginModule` so that cookies get set at `/` instead of `req.base_path`, see following note. The incoming request is then passed by the `authenticate` method of the `IAuthenticator` interface to projects that peer the project of interest to see if the user is authenticated there. This enables single-sign on for Trac projects in the same directory. 10 11 '''Note 1''': As per request in [trac:ticket:8486 t#8486] a new configuration option has been introduced to Trac with changeset [trac:changeset:9226 't:[9226]'] that accomplished this: 12 {{{#!ini 10 13 [trac] 11 14 auth_cookie_path = /var/www/trac 12 15 }}} 16 13 17 So this has been made a part of Trac, and a simplified plugin version (not yet available) should work for Trac version >= 0.12 without that monkey-patching. 14 18 15 Note2: Before recent maintainer take-over, this plugin inspired a native Single-Sign-On functionality in AccountManagerPlugin, that is stable, available since acct_mgr-0.4 and even solves some of the shortcomings of this plugin. Most importantly login/logout works from any Trac environment sharing identical cookie path settings.19 '''Note 2''': Before recent maintainer take-over, this plugin inspired a native Single-Sign-On functionality in AccountManagerPlugin, that is stable, available since acct_mgr-0.4 and even solves some of the shortcomings of this plugin. Most importantly login/logout works from any Trac environment sharing identical cookie path settings. 16 20 17 == Configuration == 21 == Bugs/Feature Requests 22 23 Existing bugs and feature requests for SharedCookieAuthPlugin are 24 [report:9?COMPONENT=SharedCookieAuthPlugin here]. 25 26 If you have any issues, create a 27 [http://trac-hacks.org/newticket?component=SharedCookieAuthPlugin&owner=agitronic new ticket]. 28 29 [[TicketQuery(component=SharedCookieAuthPlugin&group=type,format=progress)]] 30 31 == Download 32 33 Download the zipped source from [download:sharedcookieauthplugin here]. 34 35 == Source 36 37 You can check out SharedCookieAuthPlugin from [http://trac-hacks.org/svn/sharedcookieauthplugin here] using Subversion, or [source:sharedcookieauthplugin browse the source] with Trac. 38 39 == Installation 40 41 Install the plugin on multiple Trac instances in the same directory that use cookie-based auth. Then logging in to one, should mirror login to all of them. 42 43 == Configuration 18 44 19 45 To make this work you will need to select one of the project to be the master authenticator, the other (slave) projects should be configured to pass the authenticate request onto the master project. This is to avoid one project to kill the auth_cookie if the login was made in another project. Unfortunately this means that login and logout can only be made in the master project. 20 46 21 47 So for the slave projects you'll need to disable the normal way of authentication while enabling the sharedcookieauth: 22 {{{ 23 #!cfg 48 {{{#!ini 24 49 [components] 25 50 sharedcookieauth.* = enabled … … 31 56 32 57 And for the master project: 33 {{{ 34 #!cfg 58 {{{#!ini 35 59 [components] 36 60 sharedcookieauth.* = enabled … … 41 65 }}} 42 66 43 The sharedcookieauth should not need to be enabled in the master project, but it shouldn't harm either. Also be aware that the server name used must match or the browser will not share the auth_cookie between the projects 67 The sharedcookieauth should not need to be enabled in the master project, but it shouldn't harm either. Also be aware that the server name used must match or the browser will not share the auth_cookie between the projects. 44 68 45 == Bugs/Feature Requests == 46 47 Existing bugs and feature requests for SharedCookieAuthPlugin are 48 [report:9?COMPONENT=SharedCookieAuthPlugin here]. 49 50 If you have any issues, create a 51 [http://trac-hacks.org/newticket?component=SharedCookieAuthPlugin&owner=agitronic new ticket]. 52 53 == Download == 54 55 Download the zipped source from [download:sharedcookieauthplugin here]. 56 57 == Source == 58 59 You can check out SharedCookieAuthPlugin from [http://trac-hacks.org/svn/sharedcookieauthplugin here] using Subversion, or [source:sharedcookieauthplugin browse the source] with Trac. 60 61 == Example == 62 63 Install the plugin on multiple Trac instances in the same directory that use cookie-based auth. Then login to one should mirror login to all of them 64 65 == Recent Changes == 69 == Recent Changes 66 70 67 71 [[ChangeLog(sharedcookieauthplugin, 3)]] 68 72 69 == Author/Contributors ==73 == Author/Contributors 70 74 71 75 ''Originally developed at [http://openplans.org The Open Planning Project]'' 72 76 73 77 '''Author:''' [wiki:k0s] [[BR]] 74 '''Maintainer:''' [ wiki:agitronic] [[BR]]78 '''Maintainer:''' [[Maintainer]] [[BR]] 75 79 '''Contributors:'''