|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0008912||mantisbt||authentication||public||2008-02-21 08:15||2013-02-04 16:26|
|Target Version||Fixed in Version|
|Summary||0008912: A small modification allows to do Windows integrated authentication with mantis and IIS|
- IIS 6 with mandatory authentication (unchek "Enable anonymous access" for the site/directory)
- Mantis 1.1.1 with modifications (modifed files attached to this report)
- config_inc.php contains
$g_login_method = WINDOWS_AUTH;
$g_allow_signup = OFF;
$g_lost_password_feature = OFF;
- users do not need to enter neither id/name nor password
- admin has to manually enter the accounts of people allowed to use mantis (windows login, not password)
- you can give the URL .../mantis/login.php so that people don't even see the login page
|Additional Information||IIS does authentication.|
PHP gets the user's login from CGI param AUTH_USER.
ID/Password check from SQL is by-passed.
I did not try with PHP as ISAPI filter so I don't know if the trick works in this case
I work with PHP as CGI (attach ...\php-cgi.exe to the .php extension in IIS Application Configuration)
And remember: do not use a site name with an underscore if the browser is IE (see http://bugs.mantisbt.org/view.php?id=5886; [^] I had to ask for a DNS alias as a workaround)
|Tags||No tags attached.|
|Are there any opinions on this patch. I applied to my current build (1.2.12) and its working nicely. I'm interested in having it included in the next release so I don't have to reapply it. How best to proceed?|
Your best bet is to send us a Pull Request on our Github repository . Please make sure that the code adheres to our Coding Guidelines .
 https://github.com/mantisbt/mantisbt [^]
 http://www.mantisbt.org/wiki/doku.php/mantisbt:coding_guidelines [^]
There is a plugin available which handles this nicely:
|I like the plugin but it still requires patches to the code, the patches in this issue are not much more complex and one added to the core will not have to be maintained after each install.|
Last edited: 2013-02-04 04:55
Correct, I would hope that previous functionality would be re-installed in core/authentication_api.php.
Possible use a different functionname but still available again.
Then it can be a fully automatic plugin.
Other option could be to add a custom function to the plugin but this i would like to avoid.
These have been deliberately not included as we plan to add authentication plugins to the next release.
Adding custom authentication hooks atm, only serves to make it harder to add a plugin architecture.
I'm currently a core-dev and in the same position - using IIS to perform the authentication to mantis, with a custom patch.
|Ah, and I was just about ready to send a commit to git. Thanks for the update, I'll just make do with my local patches for the foreseeable future. As a point of reference, where would I find this information. I want to make sure that none of my other good ideas are already being considered in core functionality. (And I agree with your decision, plugin architecture makes it easy to perform local customization without maintenance issues).|
1.2.x is a stable branch, which should not be getting new features.
At a point where the active developers were myself/dhx/jreese, we started looking at being fairly 'radical' - with a new db layer + locale layer amongst other things. This is in the https://github.com/mantisbt/mantisbt/tree/next [^] and https://github.com/mantisbt/mantisbt/tree/master-2.0.x [^] branches.
When I last spoke to dhx I believe we got to the point where if we got the language changes moved there would be nothing left in the next branch, and we could focus on the master-2.0.x branch for a tidy up.
I've been holding off on putting a few changes I'm using at work into the main master branch as it will only generate more work porting patches around.
|2008-02-21 08:15||abrion||New Issue|
|2008-02-21 08:15||abrion||File Added: mantis_auth_iis.zip|
|2013-01-31 16:14||smorley||Note Added: 0035002|
|2013-02-01 03:17||dregad||Note Added: 0035003|
|2013-02-01 07:58||cas||Note Added: 0035008|
|2013-02-01 09:06||dregad||Relationship added||related to 0012627|
|2013-02-01 09:07||smorley||Note Added: 0035010|
|2013-02-01 09:43||cas||Note Added: 0035011|
|2013-02-04 04:55||cas||Note Edited: 0035011||View Revisions|
|2013-02-04 15:34||grangeway||Note Added: 0035024|
|2013-02-04 15:46||smorley||Note Added: 0035025|
|2013-02-04 16:26||grangeway||Note Added: 0035026|