Thank you for your help and feedback, I do appreciate it.
----- Original Message ----- From: "Gerald Young" <cryth...@gmail.com> To: "User questions and discussions about OTRS." <otrs@otrs.org> Sent: Wednesday, February 5, 2014 11:56:15 AM Subject: Re: [otrs] Cookies in AuthModule Please note that you're looking at a specific way that you want to use software to authenticate, but there are alternative ways to do what you want that do not involve setting cookies. Note that setting cookies may not work for some browsers, and isn't necessarily a secure way if you're trying SSO if someone can steal or read your cookies. Can an authmodule set cookies? Probably, But not as intended. An AuthModule is designed to return a allowed/not allowed (grossly reduced effective result) given a request because the requesting agent only expects such response. If you want to create a session cookie, that's a bit different, but handled after credentials are verified. Look at perldoc Kernel/System/AuthSession.pm (CreateSessionID) and perldoc Kernel/System/Web/Request.pm (SetCookie) I don't think I can be of much more help than this. On Tue, Feb 4, 2014 at 8:46 PM, Kristofer Pettijohn < kristo...@cybernetik.net > wrote: I looked into this, and it will not work. The mod_crowd module does not allow you to adjust the name of the cookie that is used (uses crowd.token_key instead of crowd_token_key). All I need to be able to do is set a cookie key directly from an authentication module. Is that not possible? From: "Gerald Young" < cryth...@gmail.com > To: "User questions and discussions about OTRS." < otrs@otrs.org > Sent: Tuesday, February 4, 2014 5:13:47 PM Subject: Re: [otrs] Cookies in AuthModule Don't overlook that OTRS has a LoginURL and a LogoutURL, (Core Framework Frontend::Customer and Frontend::Agent) which means what it says on the box.. Brand that to your heart's content or use Crowd or ... as you like it. On Tue, Feb 4, 2014 at 4:24 PM, Kristofer Pettijohn < kristo...@cybernetik.net > wrote: <blockquote> Thank you for your response. I wanted the OTRS login page so we could brand it. I am going to give HTTPBasicAuth + mod_crowd a try after hours when I can break things without getting spanked. From: "Gerald Young" < cryth...@gmail.com > To: "User questions and discussions about OTRS." < otrs@otrs.org > Sent: Tuesday, February 4, 2014 1:21:30 PM Subject: Re: [otrs] Cookies in AuthModule >From a search , the second entry I found (PDF, viewable through Google Cache) >indicates using HTTPBasicAuth should work . Your results may vary. On Tue, Feb 4, 2014 at 1:14 PM, Kristofer Pettijohn < kristo...@cybernetik.net > wrote: <blockquote> Hello, I want to create an AuthModule that authenticates against Atlassian Crowd so that we can utilize our internal SSO. The only requirement I am missing that I cannot seem to find is: can I get/set cookies from within an AuthModule? Crowd has a session cookie with a token value to verify a session, and likewise, if we authenticate the user inside of OTRS, we will need to set the cookie with the token value so that other applications can see it. Is this possible from within AuthModule? --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs </blockquote> --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs </blockquote> --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
