Yes, I've made SSO with LDAP/AD work, and when it does, it's so cool. It's a REAL pain (to me) to get it to work properly. http://forums.otterhub.org/viewtopic.php?t=15422&p=59264#p77684
Note that you'll desire (likely) to use SSL in conjunction. >I notice the link you provided uses RADIUS for authentication instead of the others I pointed to that use Kerberos. Would you say that this is a simpler and more supported way of handling the SSO issue? I would love to say, "Yes" and "I've tried it." As a SSO, not as implemented, because the module isn't set with "PreAuth=>1" (externally authenticated before asking for credentials.) RADIUS is good for authentication back end, if user provides creds. However, if you take a look, perhaps, at mod_auth_radius, it might be usable. What would I do? I'd protect a test folder and troubleshoot that folder. If I can web to http://myserver/protected/helloworld.html and I know it's protected, I can apply what I've learned to OTRS. On Tue, May 13, 2014 at 11:30 AM, Marty Hillman <mhill...@equuscs.com>wrote: > Thanks Gerald. I know you do always come through with help. :) > > > > I notice the link you provided uses RADIUS for authentication instead of > the others I pointed to that use Kerberos. Would you say that this is a > simpler and more supported way of handling the SSO issue? > > > > I have LDAP integration with AD, so passwords work, but the question > always comes up of “why can’t it just recognize me and take me to the > page?” I find that to be a little trickier when integrating Linux into the > Windows environment to the point that it scares me that I will crash my > production system when trying. RADIUS would definitely be the simpler > solution in my opinion to the mod_auth_kerb solution, but I value your > opinion on the matter because it seems as though you have some familiarity > in this regard. > > > > Thanks again! > > > > P.S. Yes or no are indeed the expected answers. ;) > > > > *From:* Gerald Young [mailto:cryth...@gmail.com] > *Sent:* Tuesday, May 13, 2014 9:51 AM > > *To:* User questions and discussions about OTRS. > *Subject:* Re: [otrs] SSO > > > > > I find a simple "yes" to be such a helpful response. *sarcasm off* > > See, :) And look what happened. The post had been sitting for a week, I > say "Yes" and then everyone pipes in... > > > > First, the question was answered because the question could only be > answered with a Yes or No. > > > > Second, nobody here pointed to the docs for external authentication. > > > http://otrs.github.io/doc/manual/admin/3.3/en/html/external-backends.html#customer-auth-backend-httpbasic > > > > I don't mind providing more information, but the question has to be > better. Like, "How do I provide a way for [specific portal software] to > provide external authentication to OTRS?" Instead, we have, "Is there an > API ..." Sure, there's an API. But there's no practical way to answer the > question as asked. > > > > With stock OTRS, the only way to externally authenticate is via > HTTPBasicAuth. Single Sign On is a bit more complicated to answer for an > unknown entity. > > > > > > On Tue, May 13, 2014 at 10:14 AM, Marty Hillman <mhill...@equuscs.com> > wrote: > > I find a simple "yes" to be such a helpful response. *sarcasm off* > > > > I have been looking for the same solution for some time and have run > across a few articles which provide some hints at how to get this done. > > > > http://osdir.com/ml/otrs.devel/2008-06/msg00005.html - indicates that > this is a combination between mod_auth_kerb and the configuration of > HTTPBasicAuth, but does not specify which files specifically should be > modified nor detailed instructions. > > > > http://forums.otterhub.org/viewtopic.php?f=81&t=15422 provides a more > detailed example of how to do this. This appears to be the most promising > lead for me. One of the more helpful links was > http://ingenious-excerpts.blogspot.fr/2011/08/apache-on-linux-and-single-sign-on-with.html > assuming you do not already have samba configured on your linux box. > > > > https://www.mail-archive.com/otrs@otrs.org/msg29983.html appears to be a > much more detailed effort at defining how to do this. > > > > I have not tried any of these methods yet, but am going to try the last > one as it looks more complete. Let me know if any of them work for you. > > > > Marty > > > > *From:* Gerald Young [mailto:cryth...@gmail.com] > *Sent:* Sunday, May 11, 2014 8:10 AM > *To:* User questions and discussions about OTRS. > *Subject:* Re: [otrs] SSO > > > > >Is there an API function where I can obtain a token of some sort for a > specific username and add the token to a URL which will allow me to > redirect the user into OTRS while allowing them to bypass the login prompt? > > Yes. > > Hello, > > > > We have a central portal that users are logged into. I currently have the > portal pulling a list of the users recent OTRS tickets and a link which > directs them into OTRS. However, they have to log into OTRS using their > username and password. > > > > Is there an API function where I can obtain a token of some sort for a > specific username and add the token to a URL which will allow me to > redirect the user into OTRS while allowing them to bypass the login prompt? > > > > Thanks, > > Kris > > > > > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs > > > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs > > > > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs >
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
