View Issue Details

ID: 0008912
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2013-02-04 16:26
Reporter: abrion
Assigned To:
Priority: normal
Severity: tweak
Reproducibility: N/A
Status: new
Resolution: open
Platform: WINDOWS
Product Version: 1.1.1
Summary: 0008912: A small modification allows to do Windows integrated authentication with mantis and IIS
Description

Configuration

  • IIS 6 with mandatory authentication (uncheck "Enable anonymous access" for the site/directory)
  • Mantis 1.1.1 with modifications (modified files attached to this report)
  • config_inc.php contains
    $g_login_method = WINDOWS_AUTH;
    $g_allow_signup = OFF;
    $g_lost_password_feature = OFF;

Now

  • users do not need to enter either id/name or password
  • admin has to manually enter the accounts of people allowed to use mantis (windows login, not password)
  • you can give the URL .../mantis/login.php so that people don't even see the login page
Additional Information

IIS does authentication.
PHP gets the user's login from CGI param AUTH_USER.
ID/Password check from SQL is by-passed.

I did not try with PHP as ISAPI filter so I don't know if the trick works in this case

I work with PHP as CGI (attach ...\php-cgi.exe to the .php extension in IIS Application Configuration)

And remember: do not use a site name with an underscore if the browser is IE (see http://bugs.mantisbt.org/view.php?id=5886; I had to ask for a DNS alias as a workaround)

Tags: No tags attached.
Attached Files
mantis_auth_iis.zip (14,521 bytes)

Relationships

related to 0012627 new Plugin to enable login based upon Active Directory 
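
Since the SQL ID/password check is bypassed, the setup described in this report depends entirely on AUTH_USER being set by IIS for an authenticated request. The following PHP is an added example, not the reporter's attached patch and not MantisBT code; it shows a fail-closed mapping from AUTH_USER to a manually provisioned account. The function name `resolve_iis_user`, the `CORP` domain, the account names, the bare-login storage format and the use of PHP 7.1+ syntax are all assumptions.

```php
<?php
// Added example, not the code from mantis_auth_iis.zip.

/**
 * Map the identity IIS authenticated to a manually provisioned account.
 * Returns the account name, or null when the request must be refused.
 */
function resolve_iis_user(array $server, array $accounts, array $domains): ?string
{
    $authUser = trim((string) ($server['AUTH_USER'] ?? ''));
    $authType = strtolower((string) ($server['AUTH_TYPE'] ?? ''));

    // Empty AUTH_USER means IIS served the request anonymously, i.e.
    // "Enable anonymous access" is still checked: fail closed.
    if ($authUser === '') {
        return null;
    }
    // Assumption: only integrated authentication is acceptable here.
    if (!in_array($authType, ['negotiate', 'ntlm', 'kerberos'], true)) {
        return null;
    }
    // Integrated authentication reports the identity as DOMAIN\login.
    $parts = explode('\\', $authUser, 2);
    if (count($parts) !== 2 || !in_array(strtoupper($parts[0]), $domains, true)) {
        return null;
    }
    // Assumption: accounts are stored as the bare login, compared
    // case-insensitively because Windows logins are not case-sensitive.
    foreach ($accounts as $name) {
        if (strcasecmp($name, $parts[1]) === 0) {
            return $name;
        }
    }
    return null; // authenticated by IIS but not provisioned: no auto-signup
}

// Constructed sample requests (hypothetical names, not real server output).
$accounts = ['alice', 'bob'];
$samples = [
    ['AUTH_TYPE' => 'Negotiate', 'AUTH_USER' => 'CORP\\Alice'], // provisioned user
    ['AUTH_TYPE' => '',          'AUTH_USER' => ''],            // anonymous access left on
    ['AUTH_TYPE' => 'NTLM',      'AUTH_USER' => 'OTHER\\bob'],  // unexpected domain
    ['AUTH_TYPE' => 'NTLM',      'AUTH_USER' => 'CORP\\carol'], // not provisioned
];
foreach ($samples as $s) {
    var_dump(resolve_iis_user($s, $accounts, ['CORP']));
}
```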

Activities

smorley

2013-01-31 16:14

reporter   ~0035002

Are there any opinions on this patch? I applied it to my current build (1.2.12) and it's working nicely. I'm interested in having it included in the next release so I don't have to reapply it. How best to proceed?

dregad

2013-02-01 03:17

developer   ~0035003

Your best bet is to send us a Pull Request on our Github repository [1]. Please make sure that the code adheres to our Coding Guidelines [2].

[1] https://github.com/mantisbt/mantisbt
[2] http://www.mantisbt.org/wiki/doku.php/mantisbt:coding_guidelines

cas

2013-02-01 07:58

reporter   ~0035008

There is a plugin available which handles this nicely:
http://www.mantisbt.org/bugs/view.php?id=12627

smorley

2013-02-01 09:07

reporter   ~0035010

I like the plugin but it still requires patches to the code; the patches in this issue are not much more complex and one added to the core will not have to be maintained after each install.

cas

2013-02-01 09:43

reporter   ~0035011

Last edited: 2013-02-04 04:55

Correct, I would hope that previous functionality would be re-installed in core/authentication_api.php.
Possibly use a different function name but still available again.
Then it can be a fully automatic plugin.
Other option could be to add a custom function to the plugin, but this I would like to avoid.

grangeway

2013-02-04 15:34

reporter   ~0035024

These have been deliberately not included as we plan to add authentication plugins to the next release.

Adding custom authentication hooks atm, only serves to make it harder to add a plugin architecture.

I'm currently a core-dev and in the same position - using IIS to perform the authentication to mantis, with a custom patch.

smorley

2013-02-04 15:46

reporter   ~0035025

Ah, and I was just about ready to send a commit to git. Thanks for the update, I'll just make do with my local patches for the foreseeable future. As a point of reference, where would I find this information? I want to make sure that none of my other good ideas are already being considered in core functionality. (And I agree with your decision, plugin architecture makes it easy to perform local customization without maintenance issues).

grangeway

2013-02-04 16:26

reporter   ~0035026

1.2.x is a stable branch, which should not be getting new features.

At a point where the active developers were myself/dhx/jreese, we started looking at being fairly 'radical' - with a new db layer + locale layer amongst other things. This is in the https://github.com/mantisbt/mantisbt/tree/next and https://github.com/mantisbt/mantisbt/tree/master-2.0.x branches.

When I last spoke to dhx I believe we got to the point where if we got the language changes moved there would be nothing left in the next branch, and we could focus on the master-2.0.x branch for a tidy up.

I've been holding off on putting a few changes I'm using at work into the main master branch as it will only generate more work porting patches around.