Re: [otrs] CAS single sign on with perl authcas module

On Sun, Jul 3, 2011 at 10:17 PM, Michiel Beijen wrote:

You can configure different auth mechanisms using the OTRS configuration; this IS separate for customer- and agent frontend. If you would also like to set up for instance CAS for the customer and Kerberos for agent this can be achieved by creating LocationMatch sections in the web server configuration.

Thanks.

BTW you're probably not doing this on purpose but it seems as if you have set up OTRS to (auto)reply to this mailing list; can you please correct this?

It's not me. Regards, Mikael

Thanks,

Mike

On Sun, Jul 3, 2011 at 22:05, Mikael Kermorgant wrote:

...

Hello,

Well, I was using BasicAuth inside a single virtualhost, and wanted to have diferent auth behaviors for the customer and agent backend. This would be easier achieved with an authmodule developped for otrs, wouldn't it ?

So I wrote a small contribution in that goal (see http://bugs.otrs.org/show_bug.cgi?id=7467) which works quite well, although the gateway mode isn't handled as I wish by otrs. (see my other recent question about 2 customer auth backends, first one being HTTPBasicAuth)

Regards,

Mikael Kermorgant

On Sun, Jul 3, 2011 at 8:47 PM, Michiel Beijen wrote:

...

Hi Mikael,

If you want to authenticate with CAS you only need to configure Apache to use mod_auth_cas (see https://wiki.jasig.org/display/CASC/mod_auth_cas) .

When you have that set up you then can simply use the BasicAuth authentication for OTRS. We have multiple customers that are using this with good results. There's nothing that you should need to hack in OTRS for this.

If you want you can contact us for commercial support. -- Michiel Beijen Senior Consultant

OTRS BV Schipholweg 103 2316 XC  Leiden The Netherlands

T: +31 71 8200 255 F: +31 71 8200 254 I:  http://www.otrs.com

Increase efficiency up to 30% - get OTRS Help Desk 3.0: http://www.otrs.com/

On Sat, Jul 2, 2011 at 23:59, Mikael Kermorgant wrote:

...

Hello, I have setup otrs 3.0.5 with single sign on based on apache and mod_cas. As this could be a problem when having different authentication scenarios for agents and customers, I have tried to setup a CAS auth module by copy/pasting code snippets here and there (I don't know perl...). I think I'm almost there but I have an annoying bug I'm asking help for now. I have created a CAS.pm file in  /opt/otrs/Kernel/System/CustomerAuth ==== use CGI; use AuthCAS; use CGI; use CGI::Carp qw( fatalsToBrowser ); ... sub Auth {     my ( $Self, %Param ) = @_;     my $cas = new AuthCAS(casUrl => 'https://sso.paris.iufm.fr/cas');     my $app_url = 'http://support.paris.iufm.fr/otrs/customer.pl';     unless ($ENV{QUERY_STRING} =~ /ticket=/) {     ###     ### Redirect the User for login at CAS     ###       my $login_url = $cas->getServerLoginURL($app_url);       printf "Location: $login_url\n\n";       exit 0;     }     $ENV{QUERY_STRING} =~ /ticket=([^&]+)/; my $ST = $1;     my $User = $cas->validateST($app_url, $ST);     # return user     return $User; } ============ The problem is with the line "unless ($ENV{QUERY_STRING} =~ /ticket=/) {". It seems the $ENV{QUERY_STRING} is empty (not tested but I end in an infinite loop, due to falling in this condition evrytime) Would somebody have an idea about how to fix this check ? Regards, -- Mikael Kermorgant

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

-- Mikael Kermorgant --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

---

OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

-- Mikael Kermorgant