Re: [otrs] CAS single sign on with perl authcas module

3 Jul 2011

      Hi Mikael,

If you want to authenticate with CAS you only need to configure Apache
to use mod_auth_cas (see
https://wiki.jasig.org/display/CASC/mod_auth_cas) .

When you have that set up you then can simply use the BasicAuth
authentication for OTRS. We have multiple customers that are using
this with good results. There's nothing that you should need to hack
in OTRS for this.

If you want you can contact us for commercial support.
-- 
Michiel Beijen
Senior Consultant

OTRS BV
Schipholweg 103
2316 XC  Leiden
The Netherlands

T: +31 71 8200 255
F: +31 71 8200 254
I:  http://www.otrs.com

Increase efficiency up to 30% - get OTRS Help Desk 3.0:
http://www.otrs.com/

On Sat, Jul 2, 2011 at 23:59, Mikael Kermorgant
 wrote:
...
Hello,
I have setup otrs 3.0.5 with single sign on based on apache and mod_cas.
As this could be a problem when having different authentication scenarios
for agents and customers, I have tried to setup a CAS auth module by
copy/pasting code snippets here and there (I don't know perl...). I think
I'm almost there but I have an annoying bug I'm asking help for now.
I have created a CAS.pm file in  /opt/otrs/Kernel/System/CustomerAuth
====
use CGI;
use AuthCAS;
use CGI;
use CGI::Carp qw( fatalsToBrowser );
...
sub Auth {
    my ( $Self, %Param ) = @_;
    my $cas = new AuthCAS(casUrl => 'https://sso.paris.iufm.fr/cas');
    my $app_url = 'http://support.paris.iufm.fr/otrs/customer.pl';
    unless ($ENV{QUERY_STRING} =~ /ticket=/) {
    ###
    ### Redirect the User for login at CAS
    ###
      my $login_url = $cas->getServerLoginURL($app_url);
      printf "Location: $login_url\n\n";
      exit 0;
    }
    $ENV{QUERY_STRING} =~ /ticket=([^&]+)/; my $ST = $1;
    my $User = $cas->validateST($app_url, $ST);
    # return user
    return $User;
}
============
The problem is with the line "unless ($ENV{QUERY_STRING} =~ /ticket=/) {".
It seems the $ENV{QUERY_STRING} is empty (not tested but I end in an
infinite loop, due to falling in this condition evrytime)
Would somebody have an idea about how to fix this check ?
Regards,
--
Mikael Kermorgant
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs