Re: [otrs] SSO

Thanks Gerald. I know you do always come through with help. :) I notice the link you provided uses RADIUS for authentication instead of the others I pointed to that use Kerberos. Would you say that this is a simpler and more supported way of handling the SSO issue? I have LDAP integration with AD, so passwords work, but the question always comes up of “why can’t it just recognize me and take me to the page?” I find that to be a little trickier when integrating Linux into the Windows environment to the point that it scares me that I will crash my production system when trying. RADIUS would definitely be the simpler solution in my opinion to the mod_auth_kerb solution, but I value your opinion on the matter because it seems as though you have some familiarity in this regard. Thanks again! P.S. Yes or no are indeed the expected answers. ;) From: Gerald Young [mailto:crythias@gmail.com] Sent: Tuesday, May 13, 2014 9:51 AM To: User questions and discussions about OTRS. Subject: Re: [otrs] SSO

I find a simple "yes" to be such a helpful response. *sarcasm off* See, :) And look what happened. The post had been sitting for a week, I say "Yes" and then everyone pipes in...

First, the question was answered because the question could only be answered with a Yes or No. Second, nobody here pointed to the docs for external authentication. http://otrs.github.io/doc/manual/admin/3.3/en/html/external-backends.html#cu... I don't mind providing more information, but the question has to be better. Like, "How do I provide a way for [specific portal software] to provide external authentication to OTRS?" Instead, we have, "Is there an API ..." Sure, there's an API. But there's no practical way to answer the question as asked. With stock OTRS, the only way to externally authenticate is via HTTPBasicAuth. Single Sign On is a bit more complicated to answer for an unknown entity. On Tue, May 13, 2014 at 10:14 AM, Marty Hillman mailto:mhillman@equuscs.com> wrote: I find a simple "yes" to be such a helpful response. *sarcasm off* I have been looking for the same solution for some time and have run across a few articles which provide some hints at how to get this done. http://osdir.com/ml/otrs.devel/2008-06/msg00005.html - indicates that this is a combination between mod_auth_kerb and the configuration of HTTPBasicAuth, but does not specify which files specifically should be modified nor detailed instructions. http://forums.otterhub.org/viewtopic.php?f=81&t=15422 provides a more detailed example of how to do this. This appears to be the most promising lead for me. One of the more helpful links was http://ingenious-excerpts.blogspot.fr/2011/08/apache-on-linux-and-single-sig... assuming you do not already have samba configured on your linux box. https://www.mail-archive.com/otrs@otrs.org/msg29983.html appears to be a much more detailed effort at defining how to do this. I have not tried any of these methods yet, but am going to try the last one as it looks more complete. Let me know if any of them work for you. Marty From: Gerald Young [mailto:crythias@gmail.commailto:crythias@gmail.com] Sent: Sunday, May 11, 2014 8:10 AM To: User questions and discussions about OTRS. Subject: Re: [otrs] SSO

Is there an API function where I can obtain a token of some sort for a specific username and add the token to a URL which will allow me to redirect the user into OTRS while allowing them to bypass the login prompt?

Yes. Hello, We have a central portal that users are logged into. I currently have the portal pulling a list of the users recent OTRS tickets and a link which directs them into OTRS. However, they have to log into OTRS using their username and password. Is there an API function where I can obtain a token of some sort for a specific username and add the token to a URL which will allow me to redirect the user into OTRS while allowing them to bypass the login prompt? Thanks, Kris --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs