Hi, I'm running into a new problem :-(... LDAP is working and when i use a username without DOMAIN\ the user login is successful. SSO is not working. When i add the following lines in my Config.pm for SSO $Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth'; Login failed. And following entries are written in the log. Sat Dec 12 10:07:02 2009 error OTRS-CGI-10 Need UserLogin or UserID! Sat Dec 12 10:07:02 2009 notice OTRS-CGI-10 User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: xxx.xxx.xxx.xxx). Does anyone have any idea what the problem can be..? Thanks! Best, Dave
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Dave,
LDAP is working and when i use a username without DOMAIN\ the user login is successful.
SSO is not working. When i add the following lines in my Config.pm for SSO
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
Login failed. And following entries are written in the log.
Sat Dec 12 10:07:02 2009 error OTRS-CGI-10 Need UserLogin or UserID! Sat Dec 12 10:07:02 2009 notice OTRS-CGI-10 User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: xxx.xxx.xxx.xxx).
Does anyone have any idea what the problem can be..?
where does your authentication take place? Do you use some BasicAuth mechanism on the same webserver, in a way that the above mentioned environment variables are filled? It doesn't look like... regards, T. - -- Torsten Thau, Dipl. Inform. c.a.p.e. IT Labs GbR - Annaberger Str. 240 - D-09125 Chemnitz phone: +49 371 5347 623 cell: +49 176 66 680 680 personal pgp-key: 0x93E0A174 fax: +49 371 5347 625 http://www.cape-it.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAksjZSgACgkQvXo8m5PgoXQFPwCggyQ1auKHm9OV/bt/pcz3sPir QyoAn0uju4VaT47MozcDPiN4uJCdGfmm =oYA9 -----END PGP SIGNATURE-----
Hi Torsten, Thanks for your email. My Authentication needs to take place against the AD with LDAP. This is working. When a user put in his/her credentials (just username without domain) it's authenticated successfully against the AD, user can login and if not yet created in local DB it's created and added to the group 'users'. I just found out that when i enable this rule the complete login is not working anymore. also manually it's now not possible to login.
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
When i try to login automatically with SSO it's not working and the following entries are written in the log: Sat Dec 12 11:14:11 2009 error OTRS-CGI-10 Need UserLogin or UserID! Sat Dec 12 11:14:11 2009 notice OTRS-CGI-10 User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: 10.20.203.100). When i try to login with my credentials username/password manually these lines are also logged,... Sat Dec 12 11:14:31 2009 error OTRS-CGI-10 Need UserLogin or UserID! Sat Dec 12 11:14:31 2009 notice OTRS-CGI-10 User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: 10.20.203.100). When i disable the "$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';" rule again i can login manually... Thanks for your help. Best, Dave On 12 dec 2009, at 10:41, Torsten Thau wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Dave,
LDAP is working and when i use a username without DOMAIN\ the user login is successful.
SSO is not working. When i add the following lines in my Config.pm for SSO
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
Login failed. And following entries are written in the log.
Sat Dec 12 10:07:02 2009 error OTRS-CGI-10 Need UserLogin or UserID! Sat Dec 12 10:07:02 2009 notice OTRS-CGI-10 User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: xxx.xxx.xxx.xxx).
Does anyone have any idea what the problem can be..?
where does your authentication take place? Do you use some BasicAuth mechanism on the same webserver, in a way that the above mentioned environment variables are filled? It doesn't look like...
regards, T.
- -- Torsten Thau, Dipl. Inform. c.a.p.e. IT Labs GbR - Annaberger Str. 240 - D-09125 Chemnitz phone: +49 371 5347 623 cell: +49 176 66 680 680 personal pgp-key: 0x93E0A174 fax: +49 371 5347 625 http://www.cape-it.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAksjZSgACgkQvXo8m5PgoXQFPwCggyQ1auKHm9OV/bt/pcz3sPir QyoAn0uju4VaT47MozcDPiN4uJCdGfmm =oYA9 -----END PGP SIGNATURE----- --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Dave,
I just found out that when i enable this rule the complete login is not working anymore. also manually it's now not possible to login.
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
I guess your LDAP-Authenticationbackend is also named "$Self->{'AuthModule'}" (a few lines of your Config.pm would be helpful to analyze the problem)? If so, activating HTTPBasicAuth disables LDAP-Authentication. Using SSO via HTTPBasicAuth requires the user to be authenticated BEFORE accessing ../otrs/index.pl. The authentication needs to be done by the webserver before (e.g. by configuring the webserver to to a basic auth agains a usr-password-file or an LDAP). But then it's thejob of the webservers administrator to configure a working authentication. The authentication itself is not done by OTRS then anymore. However you can use more than one authentication backend. Just name your LDAP-auth backend $Self->{'AuthModule1'} (and update all corresponding config values as well). OTRS will check first for HTTPBasicAuth and if this fails will offer you the possibility for a manual authentication.
When i try to login automatically with SSO it's not working and the following entries are written in the log: Sat Dec 12 11:14:11 2009 error OTRS-CGI-10 Need UserLogin or UserID! Sat Dec 12 11:14:11 2009 notice OTRS-CGI-10 User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: 10.20.203.100).
When i try to login with my credentials username/password manually these lines are also logged,... Sat Dec 12 11:14:31 2009 error OTRS-CGI-10 Need UserLogin or UserID! Sat Dec 12 11:14:31 2009 notice OTRS-CGI-10 User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: 10.20.203.100).
When i disable the "$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';" rule again i can login manually...
regards, T. - -- Torsten Thau, Dipl. Inform. c.a.p.e. IT Labs GbR - Annaberger Str. 240 - D-09125 Chemnitz phone: +49 371 5347 623 cell: +49 176 66 680 680 personal pgp-key: 0x93E0A174 fax: +49 371 5347 625 http://www.cape-it.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAksjc1sACgkQvXo8m5PgoXTNXgCghCcNGXuUkKa5Hz2lNY0wNwLC N78An2z0qZtl6aT+ofMenSAFPzgcnP1R =iubk -----END PGP SIGNATURE-----
Hi Torsten Thanks for your reply and info. I incorrectly understood the functionality of this HTTPBasicAuth. My idea was that I created the right setup for authentication in Perl but i didn't want my user to manually put in their credentials into the boxes and therefore wanted to let them login automatically authenticated against the LDAP (and i thought it was done by perl). If i correctly understand is right now HTTPBasicAuth is the Apache authentication. What's the best setup if i want that Agent's can login automatically with their AD credentials and they do not have to enter anything manually? Thanks in advance. Best, Dave On 12 dec 2009, at 11:41, Torsten Thau wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi Dave,
I just found out that when i enable this rule the complete login is not working anymore. also manually it's now not possible to login.
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
I guess your LDAP-Authenticationbackend is also named "$Self->{'AuthModule'}" (a few lines of your Config.pm would be helpful to analyze the problem)? If so, activating HTTPBasicAuth disables LDAP-Authentication. Using SSO via HTTPBasicAuth requires the user to be authenticated BEFORE accessing ../otrs/index.pl. The authentication needs to be done by the webserver before (e.g. by configuring the webserver to to a basic auth agains a usr-password-file or an LDAP). But then it's thejob of the webservers administrator to configure a working authentication. The authentication itself is not done by OTRS then anymore.
However you can use more than one authentication backend. Just name your LDAP-auth backend $Self->{'AuthModule1'} (and update all corresponding config values as well). OTRS will check first for HTTPBasicAuth and if this fails will offer you the possibility for a manual authentication.
When i try to login automatically with SSO it's not working and the following entries are written in the log: Sat Dec 12 11:14:11 2009 error OTRS-CGI-10 Need UserLogin or UserID! Sat Dec 12 11:14:11 2009 notice OTRS-CGI-10 User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: 10.20.203.100).
When i try to login with my credentials username/password manually these lines are also logged,... Sat Dec 12 11:14:31 2009 error OTRS-CGI-10 Need UserLogin or UserID! Sat Dec 12 11:14:31 2009 notice OTRS-CGI-10 User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: 10.20.203.100).
When i disable the "$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';" rule again i can login manually...
regards, T.
- -- Torsten Thau, Dipl. Inform. c.a.p.e. IT Labs GbR - Annaberger Str. 240 - D-09125 Chemnitz phone: +49 371 5347 623 cell: +49 176 66 680 680 personal pgp-key: 0x93E0A174 fax: +49 371 5347 625 http://www.cape-it.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAksjc1sACgkQvXo8m5PgoXTNXgCghCcNGXuUkKa5Hz2lNY0wNwLC N78An2z0qZtl6aT+ofMenSAFPzgcnP1R =iubk -----END PGP SIGNATURE----- --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW! http://www.otrs.com/en/support/enterprise-subscription/
participants (2)
-
Dave Lageweg -
Torsten Thau