Details
-
Suggestion
-
Resolution: Won't Fix
-
None
-
None
-
Windows XP
Description
We are using the Apache-Crowd connector to authenticate users for HTTP content and Subverison. Crowd, SVN and Apache are running on the same Machine with this Apache config:
ProxyPass /crowd http://localhost:8095/crowd
ProxyPassReverse /crowd http://localhost:8095/crowd
Alias /tools X:/Tools
<Location /tools>
Options Indexes
AuthName crowd
AuthType Basic
PerlAuthenHandler Apache::CrowdAuth
PerlSetVar CrowdAppName tools
PerlSetVar CrowdAppPassword tools
PerlSetVar CrowdSOAPURL http://localhost:8095/crowd/services/SecurityServer
PerlAuthzHandler Apache::CrowdAuthz
PerlSetVar CrowdAllowedGroups tools-users:r
Require valid-user
</Location>
When somebody (accidently?) set the environment variable HTTP_PROXY on this machine, access to /tools was no longer possible. In the Apache logs, an error says that Perl/site/lib/Atlassian/Crowd.pm fails in line 60. This is where the SOAP request if given to the SOAP::LITE Perl Library. The SOAP Library checks for the environment variable HTTP_PROXY and sends the request to the HTTP Proxy - which cannot handle "http://localhost:8095/crowd/services/SecurityServer"
and so it return an error. As a result, the authentication for /tools will fail.
There are several ways to fix this. Atlassian could extend the auth plugin to analyze the parameter CrowdSOAPURL in details. Then make SOAP::LITE not use any proxy setting for requests to "http://127.0.0.1:12345/..." or "http://loclahost:12345/...". But I assume SOAP::LITE has no such configuration options.
Thus it may come down to extending/fixing Perl's SOAP::LITE to handle this properly. Or use another SOAP library that can handle this.
I have solved this for now by removing HTTP_PROXY from the environment variables and telling everybody never ever to do this again.