Project

General

Profile

Get REMOTE_USER in Redmine 2.5.2 from apache2+SSPI module for windows

Added by Al Us over 9 years ago

did so http://www.redmine.org/boards/2/topics/127?page=1&r=43910

Posted by several options in the log is empty.

Where is the error?

application_controller.rb

  #Remote user Domen windows
  #Apache Remote_user sspi module
  def http_remote_user
    request.env['HTTP_REMOTE_USER'] || request.headers['X_FOR_USER']
  end
  helper_method :http_remote_user

  # Returns the current user or nil if no user is logged in
  # and starts a session if needed
  def find_current_user
    user = nil
    unless api_request?

        logger.info("  !!! X-Forwarded-User: #{request.env['X_FOR_USER']}")
        logger.info("  !!! request.headers['X_FOR_USER']: #{request.headers['X_FOR_USER']}")
        logger.info("  !!! HTTP_X-Forwarded-User: #{request.env['HTTP_X_FOR_USER']}")
        logger.info("  !!! HTTP_X-Forwarded-User: #{request.headers['HTTP_X_FOR_USER']}")
        logger.info("  !!! request.env['REMOTE_USER']: #{request.env['REMOTE_USER']}")
        logger.info("  !!! request.headers['REMOTE_USER']: #{request.headers['REMOTE_USER']}")
        logger.info("  !!! request.env['HTTP_REMOTE_USER']: #{request.env['HTTP_REMOTE_USER']}")
        logger.info("  !!! request.env['HTTP_REMOTE_USER']: #{request.headers['HTTP_REMOTE_USER']}")
        logger.info("  !!! request.authorization.to_s: #{request.authorization.to_s}")
        logger.info("  !!! http_remote_user: #{http_remote_user.to_s}")

Log

Started GET "/redmine/login?back_url=http%3A%2F%2Flocalhost%2Fredmine%2F" for 127.0.0.1 at 2014-09-09 18:22:16 +0400 user 
Processing by AccountController#login as HTML
  Parameters: {"back_url"=>"http://localhost/redmine/"}
  !!! X-Forwarded-User: 
  !!! request.headers['X_FOR_USER']: 
  !!! HTTP_X-Forwarded-User: 
  !!! HTTP_X-Forwarded-User: 
  !!! request.env['REMOTE_USER']: 
  !!! request.headers['REMOTE_USER']: 
  !!! request.env['HTTP_REMOTE_USER']: 
  !!! request.env['HTTP_REMOTE_USER']: 
  !!! request.authorization.to_s: 
  !!! http_remote_user: 
  Current user: anonymous
  Rendered account/login.html.erb within layouts/base (28.0ms)
Completed 200 OK in 42.0ms (Views: 38.0ms | ActiveRecord: 1.0ms)

Setup Apache2

<VirtualHost _default_:80>
  DocumentRoot "E:/work/Bitnami/redmine-2.5.2-2/apache2/htdocs" 
  <Directory "E:/work/Bitnami/redmine-2.5.2-2/apache2/htdocs">
    Options Indexes FollowSymLinks
    #AllowOverride All
    AllowOverride None
    <IfVersion < 2.3 >
      #Order allow,deny 
      Order deny,allow
      Allow from all
    </IfVersion>
    # <IfVersion >= 2.3 >
      # Require all granted
    # </IfVersion>
    <IfModule authnz_sspi_module>
      AuthName "SSPI Protected Place" 
      AuthType SSPI
      SSPIAuth On
      SSPIAuthoritative On
      SSPIOfferBasic On
      # Should you need to force the login prompt, uncomment the next line
      # SSPIBasicPreferred On
      SSPIOfferSSPI On
      SSPIOmitDomain On
        RewriteEngine On
        RewriteCond %{REMOTE_USER} (.+)
        RewriteRule ^.*$ - [E=RU:%1]
        RequestHeader add X_FOR_USER %{RU}e
      <RequireAll>
        <RequireAny>
          Require valid-sspi-user
#         Require valid-user
        </RequireAny>
        <RequireNone>
          Require user "ANONYMOUS LOGON" 
        </RequireNone>
      </RequireAll>
    </IfModule> 

</Directory>

  # Error Documents
  ErrorDocument 503 /503.html

  # Bitnami applications installed with a prefix URL (default)
  Include "E:/work/Bitnami/redmine-2.5.2-2/apache2/conf/bitnami/bitnami-apps-prefix.conf" 
</VirtualHost>