View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0022398 | mantisbt | authentication | public | 2017-02-17 06:27 | 2023-07-05 09:56 |
Reporter | arrfab | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | new | Resolution | open | ||
Product Version | 2.1.0 | ||||
Summary | 0022398: HTTP_AUTH not working | ||||
Description | Was trying to force HTTP_AUTH for mantisbt, (as https://www.mantisbt.org/docs/master-1.3.x/en-US/Admin_Guide/html-desktop/#admin.config.auth) Does that mean that it's not yet implemented ? Also the doc is still 1.3 while product is now 2.1.0 (needs another bug report ?) In fact, we (CentOS Project) don't even want to rely on HTTP_AUTH, but rather on openid, but while I found some bug reports for that, it seems there is still nothing implemented. Can we get clarification if that is supposed to work or not ? (while also waiting for openid plugin to work too) Thanks a lot for your work ! | ||||
Tags | No tags attached. | ||||
IMHO (after hours of patching MantisBT sources) current version doesn't support HTTP_AUTH and simply ignores _SERVER['REMOTE_USER'] variable with user name authenticated via web-server. |
|
I created a pull request to fix this issue: https://github.com/mantisbt/mantisbt/pull/1302 |
|
Thanks @raspopov for the PR and your bug report. We have added support for auth plugins in 2.3.0 release. So you should consider to upgrade to latest to get that. To get more details about the auth plugin model, checkout the following:
The goal is to move more towards plugins and less auth schemas embedded in the core of MantisBT. As for the HTTP_AUTH, thanks for the PR. Will hopefully provide feedback soon. |
|
Good to know that there is now a way to have http_auth working, but it seems that it will not be merged into mantis core |
|
Sorry for the late response but we got this working simply adding 'HTTP_AUTH' value to the <i>$t_login_methods</i> array in <i>auth_does_password_match</i> method (authentication_api.php): Finally we avoided to touch 'core' libs and an integration with Apache+mod_auth_cas is working with BASIC_AUTH and custom configuration and some new PHP scripts, but the former (and simple) update to <i>authentication_api.php</i> actually resolved the problem. |
|