RallyTools / RallyRestToolkitForRuby

A toolkit wrapping Rally's REST webservice for Ruby
MIT License

Is there a way to use this toolkit with SSO login? #15

Open larsxschneider opened 11 years ago

dawsmith8 commented 11 years ago

Not at the moment, but I've heard one or two requests for it. We would likely have to add a way to designate the Identity Provider url - I'll keep this open hopefully to spike it out soon.

benoitdion commented 11 years ago

+1

Is there a way to work around this issue?

dawsmith8 commented 11 years ago

Workaround - not at the moment - you can whitelist some users in an SSO sub of Rally to be okay for non-SSO auth. I think I can look at this a little soon though. It would probably need a new parameter or two to tell us what your SSO login page URL is along with some details of that page - e.g. what the HTML form name and user/login divs or input fields are.

dawsmith8 commented 11 years ago

@larsxschneider and @benoitdion - I have a branch up for a spike on SSO. I cut a new gem: rally_api-0.9.17.pre which has preliminary SSO working for my SSO user - hard for me to test for you, but wanted to see if it would work. The pre is up on rubygems.org - try gem install rally_api --pre

Sorry for the edit - one more thing - in the config you pass in, you would now need to pass in config[:rally_sso_url] = your initial SSO URL and the base_url for Rally. Should be something like: https://sso.rallydev.com/sp/startSSO.ping?PartnerIdpId=https://[youridp].com

wvdschel commented 10 years ago

Has this been merged to the main branch, or is this still only available in the --pre gem?

dawsmith8 commented 10 years ago

@wvdschel - it is still in a pre gem. I'm thinking of changing the gem so that you can pass in your own code block for SSO login. The main issue is that each SSO handshake is unique (depends on how your company set up your SSO provider). This means that it is very hard to make the code generic. The test (pre) support I had would work if the handshake only used HTML forms to do the handshake, but some customers do other actions in the handshake beyond form posting (e.g. JavaScript or captcha).

wvdschel commented 10 years ago

I think that would be a good idea. I tried it with my company's SSO page, but it seems to pick the wrong form (the search form instead of the login form).
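
The wrong-form problem reported above, as an added example that is not part of the thread or of the rally_api gem: instead of taking the first form on the SSO page, pick the single form that contains a password input, and refuse to post credentials unless its action resolves to an HTTPS URL on an expected IdP host. The helper names, the `allowed_hosts` parameter, the sample page and the `idp.example.com` host are assumptions made for illustration.

```ruby
require 'uri'

# Added example; these helpers are hypothetical and not part of rally_api.
FORM_RE = /<form\b([^>]*)>(.*?)<\/form>/mi
PASSWORD_INPUT_RE = /<input\b[^>]*\btype\s*=\s*["']?password\b/i

# Constructed sample: a search form precedes the login form, as in the report above.
SAMPLE_PAGE = <<~HTML
  <html><body>
    <form name="search" action="/search" method="get">
      <input type="text" name="q">
    </form>
    <form name="login" action="/idp/login" method="post">
      <input type="text" name="username">
      <input type="password" name="password">
    </form>
  </body></html>
HTML

# Read one attribute value (quoted or bare) from a tag's attribute string.
def attr_value(tag_attrs, name)
  m = /(?<![\w\-])#{Regexp.escape(name)}\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.match(tag_attrs)
  m && (m[1] || m[2] || m[3])
end

# Return the absolute URL credentials should be posted to, or raise.
# allowed_hosts is an assumed caller-supplied list of IdP hostnames.
def login_form_action(html, page_url, allowed_hosts)
  # Only a form that holds a password input counts as a login form.
  forms = html.scan(FORM_RE).select { |_attrs, body| body =~ PASSWORD_INPUT_RE }
  raise ArgumentError, "expected one login form, found #{forms.size}" unless forms.size == 1

  action = attr_value(forms.first[0], 'action')
  # A missing or empty action means the form posts back to the page itself.
  target = action.nil? || action.empty? ? URI(page_url) : URI.join(page_url, action)
  unless target.scheme == 'https' && allowed_hosts.include?(target.host)
    raise ArgumentError, "refusing to post credentials to #{target}"
  end
  target
end
```

This only covers handshakes made of plain HTML forms; pages that rely on JavaScript or a captcha, as mentioned earlier in the thread, are out of its scope.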

dawsmith8 commented 10 years ago

With the 1.0.x version of this gem, you can now use API keys for auth. See the Readme - hopefully the api keys would work for what you might need.