Changes between Version 12 and Version 13 of SharedCookieAuthPlugin


Timestamp: Nov 27, 2015, 4:42:15 AM (8 years ago)
Author: Ryan J Ollos
Comment: Plugin has been revised for Trac 0.12 and later.

  • SharedCookieAuthPlugin

    v12 v13  
    1 = Share Trac cookies between projects in the same environment
    2 
    3 {{{#!box info
    4 **Notice:** This plugin does not necessarily meet coding standards or functions correctly in all use cases.
    5 }}}
     1= Share Trac cookies between projects in the same directory
    62
    73== Description
    84
    9 This plugin allows cookies to be shared between Trac instances in the same environment, ie directory. The plugin monkey-patches `trac.web.auth.LoginModule` so that cookies get set at `/` instead of `req.base_path`, see following note. The incoming request is then passed by the `authenticate` method of the `IAuthenticator` interface to projects that peer the project of interest to see if the user is authenticated there. This enables single-sign on for Trac projects in the same directory.
     5This plugin allows cookies to be shared among Trac environments that reside in the same directory, enabling Single-Sign-On to a collection of Trac sites.
    106
    11 '''Note 1''': As per request in [trac:ticket:8486 t#8486] a new configuration option has been introduced to Trac with changeset [trac:changeset:9226 't:[9226]'] that accomplished this:
    12 {{{#!ini
    13 [trac]
    14 auth_cookie_path = /var/www/trac
    15 }}}
    16 
    17 So this has been made a part of Trac, and a simplified plugin version (not yet available) should work for Trac version >= 0.12 without that monkey-patching.
    18 
    19 '''Note 2''': Before recent maintainer take-over, this plugin inspired a native Single-Sign-On functionality in AccountManagerPlugin, that is stable, available since acct_mgr-0.4 and even solves some of the shortcomings of this plugin. Most importantly login/logout works from any Trac environment sharing identical cookie path settings.
     7**Note**: This plugin inspired a native Single-Sign-On functionality in AccountManagerPlugin, which is available since acct_mgr-0.4 and even solves some of the shortcomings of this plugin. Most importantly login/logout works from any Trac environment sharing identical cookie path settings.
    208
    219== Bugs/Feature Requests
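Review bot: The new description (v13 line 5) and the remaining note (v13 line 7) no longer say how the cookie path is widened. v12 explained that the plugin monkey-patches `trac.web.auth.LoginModule` so cookies are set at `/`, and Note 1 documented `[trac] auth_cookie_path`; both are removed here. The note that is kept still depends on "identical cookie path settings", so the page should state which path the `auth_cookie` is scoped to in the revised plugin and whether `auth_cookie_path` has to be set. Without that, an administrator cannot tell from this page which paths on the host will be sent the session cookie.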
     
    3927== Installation
    4028
    41 Install the plugin on multiple Trac instances in the same directory that use cookie-based auth. Then logging in to one, should mirror login to all of them.
     29Install the plugin to multiple Trac environments that use cookie-based auth and reside in the same directory.
    4230
    4331== Configuration
    4432
    45 To make this work you will need to select one of the project to be the master authenticator, the other (slave) projects should be configured to pass the authenticate request onto the master project. This is to avoid one project to kill the auth_cookie if the login was made in another project. Unfortunately this means that login and logout can only be made in the master project.
     33You will need to select one of the project to be the master, and thus responsible for authentication. The other (slave) projects should be configured to pass the authenticate request onto the master project. This is to avoid Trac expiring the `auth_cookie` when the login is made in another project. Unfortunately this means that login and logout can only be made in the master project.
    4634
    47 So for the slave projects you'll need to disable the normal way of authentication while enabling the sharedcookieauth:
     35The slave project will have `LoginModule` disabled and `sharedcookieauth` enabled:
    4836{{{#!ini
    4937[components]
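Review bot: v13 line 33 carries over "one of the project" from v12; it should read "one of the projects". On v13 line 35, "The slave project will have `LoginModule` disabled" describes an outcome where v12 gave an instruction ("you'll need to disable"); phrase it as a step so it is clear the administrator must disable `LoginModule` in every slave project, since line 33 says that is what keeps Trac from expiring the `auth_cookie`.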
     
    5543}}}
    5644
    57 And for the master project:
     45The master project will have both `LoginModule` and `sharedcookieauth` enabled:
    5846{{{#!ini
    5947[components]
     
    6553}}}
    6654
    67 The sharedcookieauth should not need to be enabled in the master project, but it shouldn't harm either. Also be aware that the server name used must match or the browser will not share the auth_cookie between the projects.
     55In practice `sharedcookieauth` does not need to be enabled in the master project, but neither should it cause any harm. Also be aware that the server name must match for each project or the browser will not share the `auth_cookie` among projects.
    6856
    6957== Recent Changes
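Review bot: v13 line 55 says `sharedcookieauth` does not need to be enabled in the master project, which reads as contradicting v13 line 45, where the master project "will have both `LoginModule` and `sharedcookieauth` enabled". Pick one recommendation and present the other as optional. The server-name requirement on line 55 is a precondition for the whole setup and is easy to miss at the end of the section; consider moving it to the start of Configuration.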
     
    7765'''Author:''' [wiki:k0s] [[BR]]
    7866'''Maintainer:''' [[Maintainer]] [[BR]]
    79 '''Contributors:'''
     67'''Contributors:''' rjollos