[otrs] CAS single sign on with perl authcas module

Mikael Kermorgant mikael.kermorgant at gmail.com
Sun Jul 3 20:23:35 GMT 2011


On Sun, Jul 3, 2011 at 10:17 PM, Michiel Beijen
<michiel.beijen at gmail.com> wrote:
> You can configure different auth mechanisms using the OTRS
> configuration; this IS separate for customer- and agent frontend. If
> you would also like to set up for instance CAS for the customer and
> Kerberos for agent this can be achieved by creating LocationMatch
> sections in the web server configuration.

Thanks.

> BTW you're probably not doing this on purpose but it seems as if you
> have set up OTRS to (auto)reply to this mailing list; can you please
> correct this?

It's not me.

Regards,
Mikael


> Thanks,
>
> Mike
>
> On Sun, Jul 3, 2011 at 22:05, Mikael Kermorgant
> <mikael.kermorgant at gmail.com> wrote:
>> Hello,
>>
>> Well, I was using BasicAuth inside a single virtualhost, and wanted to
>> have different auth behaviors for the customer and agent backend.
>> This would be easier achieved with an authmodule developed for otrs,
>> wouldn't it ?
>>
>> So I wrote a small contribution in that goal (see
>> http://bugs.otrs.org/show_bug.cgi?id=7467) which works quite well,
>> although the gateway mode isn't handled as I wish by otrs.
>> (see my other recent question about 2 customer auth backends, first
>> one being HTTPBasicAuth)
>>
>> Regards,
>>
>> Mikael Kermorgant
>>
>>
>> On Sun, Jul 3, 2011 at 8:47 PM, Michiel Beijen <michiel.beijen at otrs.com> wrote:
>>>
>>> Hi Mikael,
>>>
>>> If you want to authenticate with CAS you only need to configure Apache
>>> to use mod_auth_cas (see
>>> https://wiki.jasig.org/display/CASC/mod_auth_cas) .
>>>
>>> When you have that set up you then can simply use the BasicAuth
>>> authentication for OTRS. We have multiple customers that are using
>>> this with good results. There's nothing that you should need to hack
>>> in OTRS for this.
>>>
>>> If you want you can contact us for commercial support.
>>> --
>>> Michiel Beijen
>>> Senior Consultant
>>>
>>> OTRS BV
>>> Schipholweg 103
>>> 2316 XC  Leiden
>>> The Netherlands
>>>
>>> T: +31 71 8200 255
>>> F: +31 71 8200 254
>>> I:  http://www.otrs.com
>>>
>>> Increase efficiency up to 30% - get OTRS Help Desk 3.0:
>>> http://www.otrs.com/
>>>
>>>
>>> On Sat, Jul 2, 2011 at 23:59, Mikael Kermorgant
>>> <mikael.kermorgant at gmail.com> wrote:
>>> > Hello,
>>> > I have setup otrs 3.0.5 with single sign on based on apache and mod_cas.
>>> > As this could be a problem when having different authentication scenarios
>>> > for agents and customers, I have tried to setup a CAS auth module by
>>> > copy/pasting code snippets here and there (I don't know perl...). I think
>>> > I'm almost there but I have an annoying bug I'm asking help for now.
>>> > I have created a CAS.pm file in  /opt/otrs/Kernel/System/CustomerAuth
>>> > ====
>>> > use CGI;
>>> > use AuthCAS;
>>> > use CGI::Carp qw( fatalsToBrowser );
>>> > ...
>>> > sub Auth {
>>> >     my ( $Self, %Param ) = @_;
>>> >     my $cas = new AuthCAS(casUrl => 'https://sso.paris.iufm.fr/cas');
>>> >     my $app_url = 'http://support.paris.iufm.fr/otrs/customer.pl';
>>> >     unless ($ENV{QUERY_STRING} =~ /ticket=/) {
>>> >     ###
>>> >     ### Redirect the User for login at CAS
>>> >     ###
>>> >       my $login_url = $cas->getServerLoginURL($app_url);
>>> >       print "Location: $login_url\n\n";
>>> >       exit 0;
>>> >     }
>>> >     $ENV{QUERY_STRING} =~ /ticket=([^&]+)/; my $ST = $1;
>>> >     my $User = $cas->validateST($app_url, $ST);
>>> >     # return user
>>> >     return $User;
>>> > }
>>> > ============
>>> > The problem is with the line "unless ($ENV{QUERY_STRING} =~ /ticket=/) {".
>>> > It seems the $ENV{QUERY_STRING} is empty (not tested but I end in an
>>> > infinite loop, due to falling in this condition every time)
>>> > Would somebody have an idea about how to fix this check ?
>>> > Regards,
>>> > --
>>> > Mikael Kermorgant
>>> >
>>> > ---------------------------------------------------------------------
>>> > OTRS mailing list: otrs - Webpage: http://otrs.org/
>>> > Archive: http://lists.otrs.org/pipermail/otrs
>>> > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
>>> >
>>
>>
>> --
>> Mikael Kermorgant



-- 
Mikael Kermorgant
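
The LocationMatch split suggested in this thread (CAS for the customer frontend, Kerberos for the agent frontend, with OTRS left on its HTTPBasicAuth modules) could look like the following. This is an added example, not configuration posted by anyone in the thread; the host names, realm, file paths and the /otrs/ URL prefix are assumptions to adapt.

```apache
# Added example, not from the thread. Host names, realm and paths are placeholders.
# OTRS side (Kernel/Config.pm), following the BasicAuth advice above:
#   $Self->{'AuthModule'}           = 'Kernel::System::Auth::HTTPBasicAuth';
#   $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
# Both modules take the login name from REMOTE_USER as set by Apache, so each
# frontend script must be reachable only through its auth section below.

# mod_auth_cas, server-wide settings
CASLoginURL        https://cas.example.org/cas/login
CASValidateURL     https://cas.example.org/cas/serviceValidate
CASCertificatePath /etc/ssl/certs/cas-ca.pem
CASCookiePath      /var/cache/apache2/mod_auth_cas/

# Customer frontend: CAS single sign-on
<LocationMatch "^/otrs/customer\.pl">
    AuthType CAS
    AuthName "OTRS customer"
    Require valid-user
</LocationMatch>

# Agent frontend: Kerberos via mod_auth_kerb
<LocationMatch "^/otrs/index\.pl">
    AuthType Kerberos
    AuthName "OTRS agent"
    KrbAuthRealms EXAMPLE.ORG
    Krb5KeyTab /etc/apache2/otrs.keytab
    KrbMethodNegotiate On
    KrbMethodK5Passwd Off
    # Strip the @REALM suffix so REMOTE_USER matches the OTRS agent login
    KrbLocalUserMapping On
    Require valid-user
</LocationMatch>
```

Serve both frontends over HTTPS so the CAS service ticket and the resulting session cookie are not sent in clear text. Check that no other alias or virtual host maps to the same CGI scripts without an auth section, since OTRS accepts whatever REMOTE_USER the web server hands it.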

