comparison doc/upgrading.txt @ 6436:1f2f7c0b8968
issue2550837 - New option for web auth (also http header passing)
Implement experimental support to allow tracker to use an alternate
authentication variable replacing ROUNDUP_USER. Also add -I option to
roundup-server to whitelist HTTP headers that should be passed through
to the tracker.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 14 Jun 2021 19:33:27 -0400 |
| parents | 269f39e28d5c |
| children | cbc18a8bc61f |
comparison
| 6435:ada96db8ec62 | 6436:1f2f7c0b8968 |
|---|---|
| 107 Roundup install now uses setuptools rather than distutils. You must | 107 Roundup install now uses setuptools rather than distutils. You must |
| 108 install setuptools. Use the version packgaged by your OS vendor. If | 108 install setuptools. Use the version packgaged by your OS vendor. If |
| 109 your OS vendor doesn't supply setuptools use ``pip install | 109 your OS vendor doesn't supply setuptools use ``pip install |
| 110 setuptools``. (You may need pip3 rather than pip if using python3.) | 110 setuptools``. (You may need pip3 rather than pip if using python3.) |
| 111 | 111 |
| 112 Define Authentication Header | |
| 113 ---------------------------- | |
| 114 | |
| 115 The front end server running roundup can perform the user | |
| 116 authentication. It pass the authenticated username to the backend in a | |
| 117 variable. By default roundup looks for the ``REMOTE_USER`` variable | |
| 118 This can be changed by setting the parameter ``http_auth_header`` in the | |
| 119 ``[web]`` section of the tracker's ``config.ini`` file. If the value | |
| 120 is unset (the default) the REMOTE_USER variable is used. | |
| 121 | |
| 122 If you are running roundup using ``roundup-server`` behind a proxy | |
| 123 that authenticates the user you need to configure ``roundup-server`` to | |
| 124 pass the proper header to the tracker. By default ``roundup-server`` | |
| 125 looks for the ``REMOTE_USER`` header for the authenticated user. You | |
| 126 can copy an arbitrary header variable to the tracker using the ``-I`` | |
| 127 option to roundup-server (or the equivalent option in the | |
| 128 roundup-server config file). | |
| 129 | |
| 130 For example to use the ``uid_variable`` header, two configuration | |
| 131 changes are needed: First configure ``roundup-server`` to pass the | |
| 132 header to the tracker using:: | |
| 133 | |
| 134 roundup-server -I uid_variable .... | |
| 135 | |
| 136 note that the header is passed exactly as supplied by the upstream | |
| 137 server. It is **not** prefixed with ``HTTP_`` like other headers since | |
| 138 you are explicitly whitelisting the header. Multiple comma separated | |
| 139 headers can be passed to the ``-I`` option. These could be used in a | |
| 140 detector or other tracker extensions, but only one header can be used | |
| 141 by the tracker as an authentication header. | |
| 142 | |
| 143 To make the tracker honor the new variable changing the tracker | |
| 144 ``config.ini`` to read:: | |
| 145 | |
| 146 [web] | |
| 147 ... | |
| 148 http_auth_header = uid_variable | |
| 149 | |
| 150 At the time this is written, support is experimental. If you use it | |
| 151 you should notify the roundup maintainers using the roundup-users | |
| 152 mailing list. | |
| 112 | 153 |
| 113 Classname Format Enforced | 154 Classname Format Enforced |
| 114 ------------------------- | 155 ------------------------- |
| 115 | 156 |
| 116 Check schema.py and look at all Class(), IssueClass(), FileClass() | 157 Check schema.py and look at all Class(), IssueClass(), FileClass() |
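
Review bot: The new "Define Authentication Header" section (new lines 122-141) is missing a statement of the trust assumption behind ``-I``. New lines 136-138 say the header is passed "exactly as supplied by the upstream server", and new line 148 makes the tracker accept its value as the authenticated user. The text should therefore say that the authenticating front end must remove or overwrite any copy of the whitelisted header that arrives from the client, and that ``roundup-server`` must be reachable only through that front end. The same caveat applies to the extra comma separated headers mentioned at new lines 138-141 if a detector or extension relies on them. Wording fixes in the same hunk: "It pass" at new line 116 should be "It passes", the sentence ending at "``REMOTE_USER`` variable" on new line 117 lacks its period, "note that" at new line 136 should be capitalized, and "changing the tracker ``config.ini`` to read" at new lines 143-144 should be "change the tracker ``config.ini`` to read". The commit description names the replaced variable ROUNDUP_USER while the added text uses ``REMOTE_USER`` throughout, so please confirm which is intended and make the two agree.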
