Re: [otrs] Shibboleth for OTRS

[Rodney McDuff]

Hi Hugh

Hugh Kelley wrote:
> Has anyone implemented this for both agents and customers?
>   
Yes. See attached. Based on OTRS::ITSM 1.3.1 (Yeah its a bit old. Sue me)**

These patches are based off <http://developer.aaiedu.hr/faq/11.html>
which uses simplesamlphp

1) Config.patch
make sure these are setup for your site
    $Self->{'LoginURL'}
    $Self->{'LogoutURL'}
    $Self->{'CustomerPanelLoginURL'}
    $Self->{'CustomerPanelLogoutURL'}


example

    #
    # AgentUser authentication
    #
    ###########################
    $Self->{'AuthModule'} = 'Kernel::System::Auth::shibdAgentAuth';
    # Shibboleth agent authentication module
    $Self->{'LoginURL'} =
'https:/domain.com/Shibboleth.sso/DS?target=https%3A%2F%2Fdomain.com%2Fotrs%2Findex.pl';
    # Shibboleth SP logout URL
    $Self->{'LogoutURL'} =
'https://domain.com/Shibboleth.sso/Logout?return=https://domain.com/otrs/public.pl';

    #
    # CustomerUser authentication
    #
    ##############################
    $Self->{'Customer::AuthModule'} =
'Kernel::System::CustomerAuth::shibdCustomerAuth';
    # Shibboleth customer authentication module
    $Self->{'CustomerPanelLoginURL'} =
'https://domain.com/Shibboleth.sso/DS?target=https%3A%2F%2Fdomain.com%2Fotrs%2Fcustomer.pl';
    $Self->{'CustomerPanelPlainLoginURL'} =
'https://domain.com/otrs/customer.pl';
    # Shibboleth SP logout URL
    $Self->{'CustomerPanelLogoutURL'} =
'https://domain.com/Shibboleth.sso/Logout?return=https://domain.com/otrs/public.pl';



2) InterfaceAgent.pm.patch
This patch allows a customer to log into OTRS using the agent interface.
If you
are not an agent you will be redirected to the customer interface


3)shibdAgentAuth.patch, shibdCustomerAuth.patch, shibdCustomerData.patch


4) I use pretty normal shibb auth.
   
        <Location /otrs>
         AuthType shibboleth
        require shibboleth
         #ShibUseHeaders On #use environment varaibles.
        ShibRequireSession Off
       
        #ErrorDocument 403 /otrs/customer.pl
            ErrorDocument 403 /otrs/index.pl
            SetHandler  perl-script
            PerlResponseHandler ModPerl::Registry
            Options +ExecCGI
            PerlOptions +ParseHeaders
            PerlOptions +SetupEnv
            Order allow,deny
            Allow from all
       
        </Location>


> Does this solution support the auto time zone detection?
>   

Didn't know there was a OTRS auto time zone detection thingy.

> Does it work with the JSON interface (AKA iPhone module)?
>   

Never had an iphone so I can't comment.

-- 
Dr. Rodney G. McDuff                 |Ex ignorantia ad sapientiam
Manager, Strategic Technologies Group|    Ex luce ad tenebras
Information Technology Services      |
The University of Queensland         |
EMAIL: mcd...@its.uq.edu.au          |
TELEPHONE: +61 7 334 66898           |

shib-patches.tar.gz
Description: GNU Zip compressed data

---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs