Search code examples
tracaccountmanager

Trac Single Signon not working as mentioned in the cookbook

I am using Trac 0.12.3 in a multi project setup with subversion and am using AccountManagerPlugin from the trunk. The default index page enlists all the project directories and clicking on any of them takes me to the trac page for that project. When I try to login, I am successfully authenticated, however, coming to another project needs me to log in again. I wanted to use single sign on and followed the steps mentioned at http://trac-hacks.org/wiki/CookBook/AccountManagerPluginConfiguration#SingleSignOn

It always asks me to sign in for every project.

My apache config:

<VirtualHost *:80>
  ServerName trac.myproject.com
  ServerAdmin your@email.com

  DocumentRoot /trac

  <Directory />
    Options FollowSymLinks
    AllowOverride None
  </Directory>
  <Directory />
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
  </Directory>

  ErrorLog /var/log/apache2/error.log
  LogLevel warn
  CustomLog /var/log/apache2/access.log combined
  ServerSignature On

<Location /svn>
   DAV svn
   SVNParentPath /svn

   AuthType Basic
   AuthName "Subversion Repository"
   AuthUserFile /etc/svnauth
   Require valid-user
   AuthzSVNAccessFile /etc/svnaccess
</Location>

<LocationMatch "/.+">
   SetHandler mod_python
   PythonHandler trac.web.modpython_frontend
   PythonOption TracEnvParentDir /trac/
   PythonOption TracUriRoot /
   #AuthType Basic
   #AuthName "Trac"
   #AuthUserFile /etc/svnauth
   #Require valid-user
</LocationMatch>

</VirtualHost>

Trac.ini file, from which all the other project specific trac.ini files are inherited:

[trac]
trac_auth = /trac/cookie
trac_auth_session = /trac/session
#I have also tried setting it as trac_auth_cookie = /trac/cookie
[header_logo]
alt = Logo
height = -1
link = /
src = http://projects.hostgeyser.com/templates/frost/images/logo%20250%20x%2089_new.png
width = -1

[components]
acct_mgr.admin.* = enabled
acct_mgr.api.* = enabled
acct_mgr.db.sessionstore = enabled
acct_mgr.htfile.htdigeststore = disabled
acct_mgr.htfile.htpasswdstore = enabled
acct_mgr.http.httpauthstore = disabled
acct_mgr.notification.* = enabled
acct_mgr.pwhash.htdigesthashmethod = disabled
acct_mgr.pwhash.htpasswdhashmethod = disabled
acct_mgr.svnserve.* = enabled
acct_mgr.svnserve.svnservepasswordstore = disabled
acct_mgr.web_ui.* = enabled
trac.web.auth.loginmodule = disabled
acct_mgr.http.httpauthstore = enabled


[account-manager]
password_store = HtPasswdStore
htpasswd_hash_type = md5
htpasswd_file = /etc/svnauth
Solution

  • You can't mix authentication as you do here:

    • Apache config by AuthType Basic
    • AccountManager LoginModule (enabled by acct_mgr.web_ui.* = enabled)

    Decide for only one of these. If you want SSO from AcctMgr, then stick to auth_cookie_path = <all-env-common-basepath>. The wiki page TracIni has all valid configuration keys for your Trac application, what is Trac environment-specific, depending on enabled components and installed Trac plugins.