Improvements for authentication using REMOTE_USER

Review Request #412 — Created June 12, 2008 and discarded


Review Board SVN (deprecated)


This patch aims to increase awareness of a specific need related to the use of Review Board in a corporate environment: the use of single sign-on logins. In this case, the user authenticates once and the Apache server communicates the user name to Review Board through Django. There is no more need for login and logout links, as authentication is done when the user logs in to their terminal or through their browser.

Because the current patch waiting for inclusion into Django's repository does not provide for a system to detect that web authentication is performed, a new variable called WEBAUTH is introduced in "settings". Its use in the template is straightforward. The manner in which web authentication is detected is inelegant. Maybe this patch can be improved or maybe it is preferable to improve the patch for Django.
The change (with commented-out code activated) has been deployed on my company's servers, which run the latest patch (t689-r7609.diff) for Django ticket #689. Review Board is installed on a CentOS 5 Apache box. It works properly.
  2. Missed a space.
    1. Fixed in new diff version.
  1. Just to keep you up to date, I'm not ignoring this patch or anything. I'm partially waiting for the Django patch to go in and partially waiting to finish some code I'm working on that heavily influences how settings and auth in Review Board work.
    Trying not to introduce many new settings or auth-related things until this goes in, but I hope that to be soon.
    1. Looks like the patch just went in.
      Can you update this change to use the new siteconfig support for authentication, and to only provide these options if using a version of Django that supports this? We want to stay compatible with Django 1.0.
    2. I am afraid as of r9281, the patch has not been integrated in Django yet. The functionality has been added to milestone 1.1 though. So it will have to wait a bit more...
    3. Now that Django 1.1 is about to ship, and we're about to require it, can you check if your patches are still compatible and working? It would be nice to get this in for Review Board 1.1.
    4. 'django.contrib.auth.middleware.RemoteUserAuthMiddleware' needs to be changed to 'django.contrib.auth.middleware.RemoteUserMiddleware'.
      This being said, as there is an "Authentication Method" form in the admin page, maybe it should be used instead.
    5. Xavier, could you post a patch against Review Board 1.0.1?  Thanks.
    6. Yeah, a new patch that integrates with our siteconfig code for choosing/setting up the auth backend will be needed.
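
The WEBAUTH detection discussed in the description, as an added example that is not code from this patch, Review Board or Django: it derives the flag from the configured middleware and backend instead of a separate setting, and reads the user name only from the server-set REMOTE_USER key. The function names and the sample values are assumptions, and the exact-path match assumes the stock backend is used rather than a subclass.

```python
# Added illustration; function names are hypothetical, class paths are Django's.
REMOTE_USER_MIDDLEWARE = "django.contrib.auth.middleware.RemoteUserMiddleware"
REMOTE_USER_BACKEND = "django.contrib.auth.backends.RemoteUserBackend"


def webauth_enabled(middleware_classes, authentication_backends):
    """True only when both halves of Django's REMOTE_USER support are set.

    The pre-merge name RemoteUserAuthMiddleware does not match, so a stale
    configuration reports False instead of silently hiding the login links.
    """
    return (REMOTE_USER_MIDDLEWARE in middleware_classes
            and REMOTE_USER_BACKEND in authentication_backends)


def server_authenticated_user(environ):
    """Return the user name set by the web server, or None.

    Only the WSGI key REMOTE_USER is read. A request header called
    Remote-User arrives as HTTP_REMOTE_USER and is client-controlled,
    so it is deliberately ignored.
    """
    name = environ.get("REMOTE_USER")
    if not isinstance(name, str):
        return None
    name = name.strip()
    return name or None


def template_context(environ, middleware_classes, authentication_backends):
    """Values a template needs to decide whether to render login/logout links."""
    webauth = webauth_enabled(middleware_classes, authentication_backends)
    user = server_authenticated_user(environ) if webauth else None
    return {
        "WEBAUTH": webauth,
        "remote_user": user,
        "show_login_links": not webauth,
    }


if __name__ == "__main__":
    # Constructed sample configuration and request environment.
    middleware = ("django.contrib.auth.middleware.AuthenticationMiddleware",
                  REMOTE_USER_MIDDLEWARE)
    backends = (REMOTE_USER_BACKEND,)
    print(template_context({"REMOTE_USER": "alice"}, middleware, backends))
    print(template_context({"HTTP_REMOTE_USER": "alice"}, middleware, backends))
```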