[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Using External Security Provider with Subversion 1.3.1+Apache

From: Rafael Caceres <rcaceres_at_aasa.com.pe>
Date: 2006-04-26 19:26:28 CEST

What Apache will do when the user is authenticated is set the
'request->remote_user'. I would think that any application willing to
learn who the user is can obtain the data from the request object.

On Wed, 2006-04-26 at 08:18 -0400, Andy Levy wrote:
> On 4/25/06, Keith Lawless <keithlawless@gmail.com> wrote:
> > I have set Subversion with Apache integration and have it working both with
> > and without basic authentication via AuthType basic. Now, I want to wrap the
> > whole thing up so that it is protected by Siteminder. So I have configured
> > Siteminder, let it know what all the WebDAV verbs are, and set up the
> > policies. From a security point of view, everything is working. My question
> > is: now that an external provider is handling security, how do I pass the
> > author's username to Subversion to make sure the history is updated
> > correctly? Currently, it looks like everything is done by Anonymous. Is
> > there an HTTP header I can set, or a variable I can append to the URL?
>
> >From what I recall about Siteminder (it's been a couple years since I
> had the pleasure of working with it), the web server itself does see
> all users as anonymous - but the ID and other credentials are stashed
> in a cookie and/or some custom HTTP headers (I think you can configure
> how it does this). The security happens before the web server proper
> even sees the request (in IIS/Windows parlance, SM is an ISAPI filter
> that catches the HTTP request before anything else sees it).
>
> Not having used SM with Apache, nor am I an Apache guru - but it seems
> like the missing link is that somehow the credentials need to get
> passed out of SM along with the rest of the request.
>
> Have you asked the SM folks about it?
>
> Don't know if I helped or just regurgitated things you already knew;
> hopefully the former, if it's the latter I apologize.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
> For additional commands, e-mail: users-help@subversion.tigris.org
>
>
> Analizado por ThMailServer para Linux.
>
>
> !DSPAM:444f656a115181718616930!
>

Analizado por ThMailServer para Linux.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Wed Apr 26 19:23:52 2006

This is an archived mail posted to the Subversion Users mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.