Bakery currently conflicts with Basic Authorization methods of access with no recourse (currently). Because Bakery's cookie structure jumps in at hook_boot, this requires other projects to (theoretically) preempt it and do their user login processes in hook_boot and make them happen earlier. This is by design for security and simplicity; Bakery wants to be the authority as far as logging people in securely from 1 place (basically).
This is great, until you want users to utilize your network of applications / systems in an SSO manner but also want data passed around that requires web services to login and perform tasks. Bakery will see an anonymous user and kick over to the login form.
The patch here will provide support for basically applying the "bypass sso" permission for any account that can login via Basic Authorization headers. This means people can login (and by people I mean web systems) via passing credentials to a site. This would allow robots and humans to play nicely with this great cross-domain SSO project without constantly baking cookies and blocking connections :).
It's pretty simple, mostly comments as to why you'd want to do this. This is rolled against 2.x.
Comment | File | Size | Author |
---|---|---|---|
#2 | bakery-allow-basic-auth-skip-sso-2653554-1.patch | 3.51 KB | btopro |
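
The decision the issue summary describes, sketched as an added example; this is not the attached patch or Bakery's code. It skips the SSO redirect only when Basic credentials are present, well-formed and accepted by a verifier. The function names, the `$verify` callback and the sample account are hypothetical, and the sample requests are constructed.

```php
<?php
// Added illustration: not Bakery's code and not the attached patch.
// All function names below are hypothetical.

/**
 * Extract Basic credentials from server variables.
 * Returns array(user, pass), or NULL if absent or malformed.
 */
function example_basic_credentials(array $server) {
  // mod_php exposes already-parsed credentials.
  if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
    return array($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']);
  }
  // CGI/FastCGI setups often pass only the raw header through.
  $header = isset($server['HTTP_AUTHORIZATION']) ? trim($server['HTTP_AUTHORIZATION']) : '';
  if (!preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)$/i', $header, $m)) {
    return NULL;
  }
  $decoded = base64_decode($m[1], TRUE);
  if ($decoded === FALSE || strpos($decoded, ':') === FALSE) {
    return NULL;
  }
  // Split on the first colon only: passwords may contain colons.
  return explode(':', $decoded, 2);
}

/**
 * TRUE only if the request carries credentials that $verify accepts.
 * A header that is merely present never bypasses the SSO redirect.
 */
function example_should_bypass_sso(array $server, $verify) {
  $creds = example_basic_credentials($server);
  if ($creds === NULL) {
    return FALSE;
  }
  return call_user_func($verify, $creds[0], $creds[1]) === TRUE;
}

// Constructed verifier and requests (assumptions for the demo).
$verify = function ($user, $pass) {
  return $user === 'svc_robot' && hash_equals('s3cr:et', $pass);
};
$valid   = array('HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('svc_robot:s3cr:et'));
$wrong   = array('HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('svc_robot:guess'));
$garbage = array('HTTP_AUTHORIZATION' => 'Basic !!!');
foreach (array('valid' => $valid, 'wrong' => $wrong, 'garbage' => $garbage, 'none' => array()) as $label => $req) {
  echo $label, ': ', example_should_bypass_sso($req, $verify) ? 'bypass SSO' : 'normal SSO flow', "\n";
}
```
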
Comments
Comment #2
btopro at Pennsylvania State University for ELMSLN commented:
Here's the patch we are looking to use in elmsln.
Comment #3
drupov commented:
Hi,
there are several issues with the patch:
It's not created relative to the module's root:
Also there is no hook_form_alter implementation in 7.x-2.x and also not in the current stable branch, so hunk #2 fails.
Hunks #1 and #3 have rather big offsets:
Can you please take a look again?