[otrs] CAS single sign on with perl authcas module

Michiel Beijen michiel.beijen at gmail.com
Sun Jul 3 20:17:51 GMT 2011


You can configure different auth mechanisms using the OTRS
configuration; this IS separate for customer- and agent frontend. If
you would also like to set up for instance CAS for the customer and
Kerberos for agent this can be achieved by creating LocationMatch
sections in the web server configuration.

BTW you're probably not doing this on purpose but it seems as if you
have set up OTRS to (auto)reply to this mailing list; can you please
correct this?
Thanks,

Mike

On Sun, Jul 3, 2011 at 22:05, Mikael Kermorgant
<mikael.kermorgant at gmail.com> wrote:
> Hello,
>
> Well, I was using BasicAuth inside a single virtualhost, and wanted to
> have diferent auth behaviors for the customer and agent backend.
> This would be easier achieved with an authmodule developped for otrs,
> wouldn't it ?
>
> So I wrote a small contribution in that goal (see
> http://bugs.otrs.org/show_bug.cgi?id=7467) which works quite well,
> although the gateway mode isn't handled as I wish by otrs.
> (see my other recent question about 2 customer auth backends, first
> one being HTTPBasicAuth)
>
> Regards,
>
> Mikael Kermorgant
>
>
> On Sun, Jul 3, 2011 at 8:47 PM, Michiel Beijen <michiel.beijen at otrs.com> wrote:
>>
>> Hi Mikael,
>>
>> If you want to authenticate with CAS you only need to configure Apache
>> to use mod_auth_cas (see
>> https://wiki.jasig.org/display/CASC/mod_auth_cas) .
>>
>> When you have that set up you then can simply use the BasicAuth
>> authentication for OTRS. We have multiple customers that are using
>> this with good results. There's nothing that you should need to hack
>> in OTRS for this.
>>
>> If you want you can contact us for commercial support.
>> --
>> Michiel Beijen
>> Senior Consultant
>>
>> OTRS BV
>> Schipholweg 103
>> 2316 XC  Leiden
>> The Netherlands
>>
>> T: +31 71 8200 255
>> F: +31 71 8200 254
>> I:  http://www.otrs.com
>>
>> Increase efficiency up to 30% - get OTRS Help Desk 3.0:
>> http://www.otrs.com/
>>
>>
>> On Sat, Jul 2, 2011 at 23:59, Mikael Kermorgant
>> <mikael.kermorgant at gmail.com> wrote:
>> > Hello,
>> > I have setup otrs 3.0.5 with single sign on based on apache and mod_cas.
>> > As this could be a problem when having different authentication scenarios
>> > for agents and customers, I have tried to setup a CAS auth module by
>> > copy/pasting code snippets here and there (I don't know perl...). I think
>> > I'm almost there but I have an annoying bug I'm asking help for now.
>> > I have created a CAS.pm file in  /opt/otrs/Kernel/System/CustomerAuth
>> > ====
>> > use CGI;
>> > use AuthCAS;
>> > use CGI;
>> > use CGI::Carp qw( fatalsToBrowser );
>> > ...
>> > sub Auth {
>> >     my ( $Self, %Param ) = @_;
>> >     my $cas = new AuthCAS(casUrl => 'https://sso.paris.iufm.fr/cas');
>> >     my $app_url = 'http://support.paris.iufm.fr/otrs/customer.pl';
>> >     unless ($ENV{QUERY_STRING} =~ /ticket=/) {
>> >     ###
>> >     ### Redirect the User for login at CAS
>> >     ###
>> >       my $login_url = $cas->getServerLoginURL($app_url);
>> >       printf "Location: $login_url\n\n";
>> >       exit 0;
>> >     }
>> >     $ENV{QUERY_STRING} =~ /ticket=([^&]+)/; my $ST = $1;
>> >     my $User = $cas->validateST($app_url, $ST);
>> >     # return user
>> >     return $User;
>> > }
>> > ============
>> > The problem is with the line "unless ($ENV{QUERY_STRING} =~ /ticket=/) {".
>> > It seems the $ENV{QUERY_STRING} is empty (not tested but I end in an
>> > infinite loop, due to falling in this condition evrytime)
>> > Would somebody have an idea about how to fix this check ?
>> > Regards,
>> > --
>> > Mikael Kermorgant
>> >
>> > ---------------------------------------------------------------------
>> > OTRS mailing list: otrs - Webpage: http://otrs.org/
>> > Archive: http://lists.otrs.org/pipermail/otrs
>> > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>> >
>> ---------------------------------------------------------------------
>> OTRS mailing list: otrs - Webpage: http://otrs.org/
>> Archive: http://lists.otrs.org/pipermail/otrs
>> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>
>
> --
> Mikael Kermorgant
> ---------------------------------------------------------------------
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs


More information about the otrs mailing list