Search found 20 matches
- 03 Apr 2024, 10:50
- Forum: Developers
- Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
- Replies: 18
- Views: 7409
Re: Trying to fix SAML module "otrs-saml2sp" for 7.0
Have you set up the /opt/otrs/Kernel/Config.pm file like I did above, with the ReturnTo URL parameters?
- 25 Oct 2023, 16:44
- Forum: Help
- Topic: OAuth2 token refresh issue to Azure AD
- Replies: 2
- Views: 1949
Re: OAuth2 token refresh issue to Azure AD
I resolved this by creating a new OAuth2 connection and migrating the Postmaster Mail Accounts over to it.
- 18 Oct 2023, 17:10
- Forum: Help
- Topic: OAuth2 token refresh issue to Azure AD
- Replies: 2
- Views: 1949
OAuth2 token refresh issue to Azure AD
Getting this error and don't know how to resolve it without deleting the entire integration and setting it up again: Message: Response for request for token config with ID 1 and request type 'TokenByAuthorizationCode' was not '200 OK'. invalid_grant (error code 54005): AADSTS54005: OAuth2 Authorizat...
- 27 Jul 2023, 13:40
- Forum: Help
- Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
- Replies: 9
- Views: 1200
Re: Redirect loop when using defender for cloud apps application control (reverse proxy)
Going to learn how to debug Znuny and dive in...
- 27 Jul 2023, 13:29
- Forum: Help
- Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
- Replies: 9
- Views: 1200
Re: Redirect loop when using defender for cloud apps application control (reverse proxy)
The proxy modifies all URLs and cookies in real time before sending them to the web server, so this shouldn't be an issue.
If you're interested: https://learn.microsoft.com/en-us/defen ... trol-works
If you're interested: https://learn.microsoft.com/en-us/defen ... trol-works
- 27 Jul 2023, 12:31
- Forum: Help
- Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
- Replies: 9
- Views: 1200
Re: Redirect loop when using defender for cloud apps application control (reverse proxy)
Okay I've confirmed that the correct username is being passed for all requests in the Remote User variable (LogFormat %u), so this isn't the issue.
- 27 Jul 2023, 12:23
- Forum: Help
- Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
- Replies: 9
- Views: 1200
Re: Redirect loop when using defender for cloud apps application control (reverse proxy)
Actually I just realised that it's likely that auth_mellon isn't passing the username to Znuny correctly and that's why it's redirecting to the authentication page repeatedly. I'll look into this now and try to debug.
- 27 Jul 2023, 12:09
- Forum: Help
- Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
- Replies: 9
- Views: 1200
Re: Redirect loop when using defender for cloud apps application control (reverse proxy)
Roy, Thanks a million for helping look into this. I think I've found a key piece of evidence when going through the CASB solution: Znuny-javascript-and-Browser-error.png Those 302 redirects obviously don't show when loading directly. So I fired up mod_forensic and looked at the request parameters fo...
- 26 Jul 2023, 11:33
- Forum: Help
- Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
- Replies: 9
- Views: 1200
Re: Redirect loop when using defender for cloud apps application control (reverse proxy)
Thanks Roy, So from what I understand Znuny can never with with a CASB reverse proxy in front of it, as I understand all CASB session control reverse proxies use one generated FQDN for external traffic from the browser to the proxy and the original service FQDN for "internal" traffic from ...
- 19 Jun 2023, 15:20
- Forum: Help
- Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
- Replies: 9
- Views: 1200
Redirect loop when using defender for cloud apps application control (reverse proxy)
I'm trying to use Microsoft Defender for Cloud Apps Conditional Access App Control (MDCA CAAC) CASB solution (also called MCAS session control). I'm already using Mellon auth for Azure AD authentication on the Apache server which works fine. CAAC is supposed to work seamlessly with most web interfac...
- 23 May 2023, 17:03
- Forum: Help
- Topic: Child progress per ticket statistic
- Replies: 0
- Views: 754
Child progress per ticket statistic
Hey, Is it possible to create a report/statistic that shows progress of child tickets per parent ticket? Use case: I have a queue set up called "Risk Register" and have parent risks as individual tickets here. Each has a number of child tickets and I'd like the Y axis to be the ticket subj...
- 18 May 2023, 18:26
- Forum: Help
- Topic: MS 365 IMAP oAuth2 seems to be broken since upgrade to 6.4.2
- Replies: 3
- Views: 2745
Re: MS 365 IMAP oAuth2 seems to be broken since upgrade to 6.4.2
I had the same problem setting it up. The resolution for me was that I needed to allow IMAP on my own user account through admin.microsoft.com and "email apps" setting on my user (as I had authenticated). Hope this helps someone.
- 11 May 2023, 11:31
- Forum: Developers
- Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
- Replies: 18
- Views: 7409
Re: Trying to fix SAML module "otrs-saml2sp" for 7.0
For future visitors: cat /etc/apache2/conf-enabled/auth_mellon.conf <location /> MellonSPPrivateKeyFile /etc/apache2/mellon/mellon.key MellonSPCertFile /etc/apache2/mellon/mellon.cert MellonSPMetadataFile /etc/apache2/mellon/mellon_metadata.xml MellonIdPMetadataFile /etc/apache2/mellon/AzureAD_metad...
- 11 May 2023, 11:30
- Forum: Developers
- Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
- Replies: 18
- Views: 7409
Re: Trying to fix SAML module "otrs-saml2sp" for 7.0
Didn't spot the mellon config in /etc/apache2/conf-enabled/zzz_znuny.conf also, removed that.
Works perfectly now, thanks!
Works perfectly now, thanks!
- 11 May 2023, 11:13
- Forum: Developers
- Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
- Replies: 18
- Views: 7409
Re: Trying to fix SAML module "otrs-saml2sp" for 7.0
With the server name redacted: cat /etc/apache2/conf-enabled/auth_mellon.conf <location /znuny/index.pl> MellonSPPrivateKeyFile /etc/apache2/mellon/mellon.key MellonSPCertFile /etc/apache2/mellon/mellon.cert MellonSPMetadataFile /etc/apache2/mellon/mellon_metadata.xml MellonIdPMetadataFile /etc/apac...
- 11 May 2023, 10:44
- Forum: Developers
- Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
- Replies: 18
- Views: 7409
Re: Trying to fix SAML module "otrs-saml2sp" for 7.0
No luck Roy, If I change the apache conf file to use that location then for ALL requests I get an apache error of: [Thu May 11 08:40:52.513712 2023] [auth_mellon:error] [pid 1226] [client w.x.y.z:55522] Error, URI "/mellon/login" has no IdP's defined, referer: https://securityissues.viotas...
- 11 May 2023, 10:24
- Forum: Developers
- Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
- Replies: 18
- Views: 7409
Re: Trying to fix SAML module "otrs-saml2sp" for 7.0
I'll give that a go Roy, thanks.
- 10 May 2023, 12:27
- Forum: Developers
- Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
- Replies: 18
- Views: 7409
Re: Trying to fix SAML module "otrs-saml2sp" for 7.0
Sorry, I was not clear. I only want SAML for Agents, the customer portal will be public facing and no SSO is required. Therefore the mod_mellon_auth isn't right for me in the long run (as it enforces SSO on both Agent and Customer portals) and hence why I'm still looking to patch the "otrs-saml...
- 10 May 2023, 11:45
- Forum: Developers
- Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
- Replies: 18
- Views: 7409
Re: Trying to fix SAML module "otrs-saml2sp" for 7.0
Okay I've set that up now and it works fine for Agent logins but not for customers. I will need customer portal to work in the future, so I still think the SAML module is a better and easier to deploy solution.
Any help with it from anyone would be appreciated, hopefully it's an easy fix.
Any help with it from anyone would be appreciated, hopefully it's an easy fix.
- 09 May 2023, 17:20
- Forum: Developers
- Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
- Replies: 18
- Views: 7409
Trying to fix SAML module "otrs-saml2sp" for 7.0
Hey all, I've done a little module dev before but it was a long time ago. I'm trying to get this OTRS 5 plug-in working on Znuny 7.0 authenticating to Azure AD: https://github.com/restena-ma/otrs-saml2sp/ I've debugged and resolved a few issues and it's now redirecting, authenticating and returning ...