Hi there,

Martin Edenhofer provided us with an authentication Perl module stored under
/otrs/Kernel/System/CustomerAuth/XYZAuth.pm which we customized to our infrastructure:

    # --
    # Kernel/System/CustomerAuth/XYZAuth.pm - provides the connect to a single sign-on
    # Copyright (C) 2001-2004 Martin Edenhofer <[EMAIL PROTECTED]>
    # --
    # $Id: HTTPBasicAuth.pm,v 1.2 2004/08/10 10:31:56 martin Exp $
    # --
    # This software comes with ABSOLUTELY NO WARRANTY. For details, see
    # the enclosed file COPYING for license information (GPL). If you
    # did not receive this file, see http://www.gnu.org/licenses/gpl.txt.
    # --

    package Kernel::System::CustomerAuth::XYZAuth;

    use strict;
    use DBI;

    use vars qw($VERSION);
    $VERSION = '$Revision: 1.2 $';
    $VERSION =~ s/^\$.*:\W(.*)\W.+?$/$1/;

    # --
    sub new {
        my $Type = shift;
        my %Param = @_;

        # allocate new hash for object
        my $Self = {};
        bless ($Self, $Type);

        # check needed objects
        foreach (qw(LogObject ConfigObject DBObject)) {
            $Self->{$_} = $Param{$_} || die "No $_!";
        }

        # Debug 0=off 1=on
        $Self->{Debug} = 0;

        $Self->{Type} = $Self->{ConfigObject}->Get('Customer::AuthModule::XYZAuth::Type');
        # Actually only mysql is supported
        if ($Self->{Type} ne 'mysql') {
            $Self->{Type} = 'mysql';
        }
        $Self->{Host} = $Self->{ConfigObject}->Get('Customer::AuthModule::XYZAuth::Host');
        $Self->{Port} = $Self->{ConfigObject}->Get('Customer::AuthModule::XYZAuth::Port');
        if ($Self->{Port} eq '') {
            $Self->{Port} = 3306;
        }
        $Self->{Database} = $Self->{ConfigObject}->Get('Customer::AuthModule::XYZAuth::Database');
        $Self->{User} = $Self->{ConfigObject}->Get('Customer::AuthModule::XYZAuth::User');
        $Self->{Password} = $Self->{ConfigObject}->Get('Customer::AuthModule::XYZAuth::Password');
        $Self->{DSN} = "DBI:".$Self->{Type}.":database=".$Self->{Database}.":host=".$Self->{Host}.":port=".$Self->{Port};

        return $Self;
    }
    # --
    sub GetOption {
        my $Self = shift;
        my %Param = @_;

        # check needed stuff
        if (!$Param{What}) {
            $Self->{LogObject}->Log(Priority => 'error', Message => "Need What!");
            return;
        }

        # module options
        my %Option = (
            PreAuth => 1,
        );

        # return option
        return $Option{$Param{What}};
    }
    # --
    sub Auth {
        my $Self = shift;
        my %Param = @_;
        my $sth;
        my $dbh;
        my $sql;
        my @row;
        my $ValidUser;
        my $RemoteAddr = $ENV{REMOTE_ADDR} || 'Got no REMOTE_ADDR env!';

        # check needed stuff
        if (!$Param{User}) {
            $Self->{LogObject}->Log(Priority => 'error', Message => "Need Session ID!");
            return;
        }

        # do some lookups in other sources
        # analyze session key and get the user from db
        if ($dbh = DBI->connect($Self->{DSN}, $Self->{User}, $Self->{Password})) {
            # bind the session id as a placeholder value instead of
            # concatenating the request parameter into the SQL string
            $sql = "SELECT user FROM session_data WHERE sid = ?";
            $sth = $dbh->prepare($sql);
            if ($sth && $sth->execute($Param{User})) {
                if (@row = $sth->fetchrow_array()) {
                    $ValidUser = $row[0];
                }
                else {
                    $ValidUser = '';
                }
                $sth->finish();
            }
            else {
                $ValidUser = 'ERROR';
            }
            # disconnect here: every branch below returns
            $dbh->disconnect();
        }
        else {
            $ValidUser = 'ERROR';
        }

        # return valid user
        if ($ValidUser eq 'ERROR') {
            $Self->{LogObject}->Log(
                Priority => 'notice',
                Message => "User: Database error while authenticating!(REMOTE_ADDR: $RemoteAddr).",
            );
            return;
        }
        elsif ($ValidUser) {
            my $User = $ValidUser;
            $Self->{LogObject}->Log(
                Priority => 'notice',
                Message => "User: $ValidUser authentification ok (REMOTE_ADDR: $RemoteAddr).",
            );
            return $ValidUser;
        }
        else {
            $Self->{LogObject}->Log(
                Priority => 'notice',
                Message => "User: No valid user found!(REMOTE_ADDR: $RemoteAddr).",
            );
            return;
        }
    }
    # --
    1;

The following lines have been added as the authentication method in Config.pm:

    # external customer-authentication for intranet systems
    $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::XYZAuth';
    $Self->{'Customer::AuthModule::XYZAuth::Type'} = 'mysql';
    $Self->{'Customer::AuthModule::XYZAuth::Host'} = 'localhost';
    $Self->{'Customer::AuthModule::XYZAuth::Port'} = '3306';
    $Self->{'Customer::AuthModule::XYZAuth::Database'} = 'dbname';
    $Self->{'Customer::AuthModule::XYZAuth::User'} = 'username';
    $Self->{'Customer::AuthModule::XYZAuth::Password'} = 'pw';

Now the customer.pl is called like that:

    https://localhost/otrs/customer.pl?Action=Login&User=sid

with sid being the php session id registered during intranet login. The sid is looked up in the mysql db and the user is fetched and passed to OTRS.

This behaviour works well but now we have a small question. After a successful login, the original url

    https://localhost/otrs/customer.pl?User=sid

is changed to

    https://localhost/otrs/customer.pl?CSID=id

and OTRS defines the CSID.

Is there a way to jump directly to the ticket report form (https://localhost/otrs/customer.pl?Action=CustomerMessage) including our sid and not the CSID? Or can I set OTRS to rely on external CSID?

When I call the ticket report form with

    https://localhost/otrs/customer.pl?Action=CustomerMessage&User=sid

I get an authentication error from OTRS.

Best regards
Stéphane Martin
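Added example, not part of the original post and not OTRS code: a stand-alone version of the sid lookup described above that checks the sid format before it reaches the database and passes it to the query as a bound value. The function name `lookup_session_user`, the sid pattern (PHP session id alphabet, 22 to 256 characters), the in-memory SQLite database standing in for MySQL (requires DBD::SQLite) and the sample rows are all assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: sids are PHP session ids (a-z, A-Z, 0-9, ',' and '-',
# 22 to 256 characters). Tighten this to the local PHP session settings.
my $SID_RE = qr/\A[A-Za-z0-9,-]{22,256}\z/;

# Returns the user name for a known sid, '' for an unknown or malformed sid,
# and undef on a database error (the same three outcomes Auth() distinguishes).
sub lookup_session_user {
    my ($dbh, $sid) = @_;
    return '' if !defined $sid || $sid !~ $SID_RE;

    # The sid travels as a bound value and is never part of the SQL text.
    my $row = eval {
        $dbh->selectrow_arrayref(
            'SELECT user FROM session_data WHERE sid = ?', undef, $sid);
    };
    return if $@;
    return $row ? $row->[0] : '';
}

# Constructed data: in-memory SQLite table shaped like session_data.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE session_data (sid TEXT PRIMARY KEY, user TEXT)');
$dbh->do('INSERT INTO session_data (sid, user) VALUES (?, ?)', undef,
    'k3v9q0r7m2t5x8b1c4d6f0a9e2', 'smartin');

my @cases = (
    [ 'k3v9q0r7m2t5x8b1c4d6f0a9e2', 'known sid'     ],
    [ 'z' x 26,                     'unknown sid'   ],
    [ q{not a 'valid' sid},         'malformed sid' ],
    [ undef,                        'missing sid'   ],
);

for my $case (@cases) {
    my ($sid, $label) = @$case;
    my $user = lookup_session_user($dbh, $sid);
    printf "%-14s -> %s\n", $label,
          !defined $user ? 'database error'
        : $user eq ''    ? 'no valid user'
        :                  "user $user";
}
$dbh->disconnect();
```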
