1

I am using Trac 0.12.3 in a multi project setup with subversion and am using AccountManagerPlugin from the trunk. The default index page enlists all the project directories and clicking on any of them takes me to the trac page for that project. When I try to login, I am successfully authenticated, however, coming to another project needs me to log in again. I wanted to use single sign on and followed the steps mentioned at http://trac-hacks.org/wiki/CookBook/AccountManagerPluginConfiguration#SingleSignOn

It always asks me to sign in for every project.

My apache config:

<VirtualHost *:80>
  ServerName trac.myproject.com
  ServerAdmin your@email.com

  DocumentRoot /trac

  <Directory />
    Options FollowSymLinks
    AllowOverride None
  </Directory>
  <Directory />
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
  </Directory>

  ErrorLog /var/log/apache2/error.log
  LogLevel warn
  CustomLog /var/log/apache2/access.log combined
  ServerSignature On

<Location /svn>
   DAV svn
   SVNParentPath /svn

   AuthType Basic
   AuthName "Subversion Repository"
   AuthUserFile /etc/svnauth
   Require valid-user
   AuthzSVNAccessFile /etc/svnaccess
</Location>

<LocationMatch "/.+">
   SetHandler mod_python
   PythonHandler trac.web.modpython_frontend
   PythonOption TracEnvParentDir /trac/
   PythonOption TracUriRoot /
   #AuthType Basic
   #AuthName "Trac"
   #AuthUserFile /etc/svnauth
   #Require valid-user
</LocationMatch>

</VirtualHost>

Trac.ini file, from which all the other project specific trac.ini files are inherited:

[trac]
trac_auth = /trac/cookie
trac_auth_session = /trac/session
#I have also tried setting it as trac_auth_cookie = /trac/cookie
[header_logo]
alt = Logo
height = -1
link = /
src = http://projects.hostgeyser.com/templates/frost/images/logo%20250%20x%2089_new.png
width = -1

[components]
acct_mgr.admin.* = enabled
acct_mgr.api.* = enabled
acct_mgr.db.sessionstore = enabled
acct_mgr.htfile.htdigeststore = disabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.http.httpauthstore = disabled
acct_mgr.notification.* = enabled
acct_mgr.pwhash.htdigesthashmethod = disabled
acct_mgr.pwhash.htpasswdhashmethod = disabled
acct_mgr.svnserve.* = enabled
acct_mgr.svnserve.svnservepasswordstore = disabled
acct_mgr.web_ui.* = enabled
trac.web.auth.loginmodule = disabled
acct_mgr.http.httpauthstore = enabled


[account-manager]
password_store = HtPasswdStore
htpasswd_hash_type = md5
htpasswd_file = /etc/svnauth
gentrobot
  • 673
  • 6
  • 25
  • Where did you take *trac_auth* and *trac_auth_session* from? These are the names of browser cookies, not valid *trac.ini* configuration key names. – hasienda Feb 29 '12 at 22:57
  • I just notice that you have both, disable **and** enable for *acct_mgr.http.httpauthstore*. Delete the last line from [components] section, please. Anyway, this seem not relevant to the topic, just a clean-up. – hasienda Mar 05 '12 at 23:21
  • Did the answer below actually solve your problem? What were you doing wrong? – Mike Howsden Apr 03 '12 at 16:04

2 Answers2

0

Double-tricky. I just tapped into the same gaffes. Documentation (as well as hasienda's answer) speak of a "base-path", which easily let's one think about the file-system (and something like the session files used by PHP sessions). That's mistake number one: It's the URL path to the trac parent environment. So if your trac projects are using something like http://www.example.org/trac/<project>, your setting must be auth_cookie_path = /trac.

Second trap: Old cookies remaining in the browser. Though I finally adjusted my auth_cookie_path as described above, I was still unable to authenticate. There was an old trac_auth cookie from one project sitting in my jar. After I removed that one, it started working like a charm!

Community
  • 1
  • 1
Izzy
  • 1,364
  • 3
  • 32
  • 65
0

You can't mix authentication as you do here:

  • Apache config by AuthType Basic
  • AccountManager LoginModule (enabled by acct_mgr.web_ui.* = enabled)

Decide for only one of these. If you want SSO from AcctMgr, then stick to auth_cookie_path = <all-env-common-basepath>. The wiki page TracIni has all valid configuration keys for your Trac application, what is Trac environment-specific, depending on enabled components and installed Trac plugins.

hasienda
  • 2,390
  • 1
  • 13
  • 16
  • the part "AuthType Basic" is actually commented out after I enabled the AccountMgr plugin. I have set auth_cookie_path = /trac/ which is the common base path for all environments and which is also my default DocumentRoot – gentrobot Mar 01 '12 at 05:09
  • Did you try with *auth_cookie_path = /trac* too - without the slash? – hasienda Mar 04 '12 at 01:01
  • @haseinda: Yes I have. Without that setting, I am authenticated to each project individually. After setting the path for auth cookies as /trac, it doesn't sign on even for a single project. I am really causing you a lot of trouble by this problem of mine. – gentrobot Mar 05 '12 at 05:25
  • 1
    Trouble is irrelevant, solution counts. There is a basic set of DEBUG logging statements in current code to enable further diagnosis in such a situation. Would you post it here (log for the env you log into plus 2 other envs meant to be handled in the same process, with all in Trac DEBUG log mode), or give it to me by other means, so I can have a look, hopefully cut out the relevant pieces myself and post it back here to form a better answer. I'm definitely wanting to fix it for you and me, because I know it can work. – hasienda Mar 05 '12 at 23:16