Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Admin LDAP login option #316

Closed
GUI opened this issue Dec 16, 2016 · 0 comments
Closed

Fix Admin LDAP login option #316

GUI opened this issue Dec 16, 2016 · 0 comments
Milestone
v0.14.0

Comments

@GUI
Copy link
Member

GUI commented Dec 16, 2016

I'm not sure the LDAP login option has ever worked since we added the omniauth-ldap gem back in #131 (we were missing some additional pieces needed beyond just adding the gem).

I recently had a need for the LDAP authentication setup, so I had fixed the issues in master a couple months ago: 362b917

However, after merging in all the Rails 4 upgrade stuff (#312), the LDAP login option became broken again. The issue now is that LDAP login page doesn't have the Rails CSRF token on it, so Rails is rejecting the callback endpoint.

This CSRF issue is pretty similar to the issue we've seen with the developer login strategy: omniauth/omniauth#674 For the developer strategy, we've just disabled CSRF, since it's only used in development, but we probably don't want to do that for the LDAP strategy.
@GUI GUI mentioned this issue Feb 5, 2017
Merged
@GUI GUI added this to the v0.14.0 milestone Feb 5, 2017
@GUI GUI closed this as completed Feb 23, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v0.14.0
Development

No branches or pull requests
1 participant
@GUI