Search found 20 matches

by KevP
03 Apr 2024, 10:50
Forum: Developers
Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
Replies: 18
Views: 6384

Re: Trying to fix SAML module "otrs-saml2sp" for 7.0

Have you set up the /opt/otrs/Kernel/Config.pm file like I did above, with the ReturnTo URL parameters?

by KevP
25 Oct 2023, 16:44
Forum: Help
Topic: OAuth2 token refresh issue to Azure AD
Replies: 2
Views: 1920

Re: OAuth2 token refresh issue to Azure AD

I resolved this by creating a new OAuth2 connection and migrating the Postmaster Mail Accounts over to it.

by KevP
18 Oct 2023, 17:10
Forum: Help
Topic: OAuth2 token refresh issue to Azure AD
Replies: 2
Views: 1920

OAuth2 token refresh issue to Azure AD

Getting this error and don't know how to resolve it without deleting the entire integration and setting it up again: Message: Response for request for token config with ID 1 and request type 'TokenByAuthorizationCode' was not '200 OK'. invalid_grant (error code 54005): AADSTS54005: OAuth2 Authorizat...

by KevP
27 Jul 2023, 13:29
Forum: Help
Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
Replies: 9
Views: 1182

Re: Redirect loop when using defender for cloud apps application control (reverse proxy)

The proxy modifies all URLs and cookies in real time before sending them to the web server, so this shouldn't be an issue.

If you're interested: https://learn.microsoft.com/en-us/defen ... trol-works

by KevP
27 Jul 2023, 12:31
Forum: Help
Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
Replies: 9
Views: 1182

Re: Redirect loop when using defender for cloud apps application control (reverse proxy)

Okay I've confirmed that the correct username is being passed for all requests in the Remote User variable (LogFormat %u), so this isn't the issue.

by KevP
27 Jul 2023, 12:23
Forum: Help
Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
Replies: 9
Views: 1182

Re: Redirect loop when using defender for cloud apps application control (reverse proxy)

Actually I just realised that it's likely that auth_mellon isn't passing the username to Znuny correctly and that's why it's redirecting to the authentication page repeatedly. I'll look into this now and try to debug.

by KevP
27 Jul 2023, 12:09
Forum: Help
Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
Replies: 9
Views: 1182

Re: Redirect loop when using defender for cloud apps application control (reverse proxy)

Roy, Thanks a million for helping look into this. I think I've found a key piece of evidence when going through the CASB solution: Znuny-javascript-and-Browser-error.png Those 302 redirects obviously don't show when loading directly. So I fired up mod_forensic and looked at the request parameters fo...

by KevP
26 Jul 2023, 11:33
Forum: Help
Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
Replies: 9
Views: 1182

Re: Redirect loop when using defender for cloud apps application control (reverse proxy)

Thanks Roy, So from what I understand Znuny can never work with a CASB reverse proxy in front of it, as I understand all CASB session control reverse proxies use one generated FQDN for external traffic from the browser to the proxy and the original service FQDN for "internal" traffic from ...

by KevP
19 Jun 2023, 15:20
Forum: Help
Topic: Redirect loop when using defender for cloud apps application control (reverse proxy)
Replies: 9
Views: 1182

Redirect loop when using defender for cloud apps application control (reverse proxy)

I'm trying to use Microsoft Defender for Cloud Apps Conditional Access App Control (MDCA CAAC) CASB solution (also called MCAS session control). I'm already using Mellon auth for Azure AD authentication on the Apache server which works fine. CAAC is supposed to work seamlessly with most web interfac...

by KevP
23 May 2023, 17:03
Forum: Help
Topic: Child progress per ticket statistic
Replies: 0
Views: 683

Child progress per ticket statistic

Hey, Is it possible to create a report/statistic that shows progress of child tickets per parent ticket? Use case: I have a queue set up called "Risk Register" and have parent risks as individual tickets here. Each has a number of child tickets and I'd like the Y axis to be the ticket subj...

by KevP
18 May 2023, 18:26
Forum: Help
Topic: MS 365 IMAP oAuth2 seems to be broken since upgrade to 6.4.2
Replies: 3
Views: 2721

Re: MS 365 IMAP oAuth2 seems to be broken since upgrade to 6.4.2

I had the same problem setting it up. The resolution for me was that I needed to allow IMAP on my own user account through admin.microsoft.com and "email apps" setting on my user (as I had authenticated). Hope this helps someone.

by KevP
11 May 2023, 11:31
Forum: Developers
Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
Replies: 18
Views: 6384

Re: Trying to fix SAML module "otrs-saml2sp" for 7.0

For future visitors: cat /etc/apache2/conf-enabled/auth_mellon.conf <location /> MellonSPPrivateKeyFile /etc/apache2/mellon/mellon.key MellonSPCertFile /etc/apache2/mellon/mellon.cert MellonSPMetadataFile /etc/apache2/mellon/mellon_metadata.xml MellonIdPMetadataFile /etc/apache2/mellon/AzureAD_metad...

by KevP
11 May 2023, 11:30
Forum: Developers
Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
Replies: 18
Views: 6384

Re: Trying to fix SAML module "otrs-saml2sp" for 7.0

Didn't spot the mellon config in /etc/apache2/conf-enabled/zzz_znuny.conf also, removed that.

Works perfectly now, thanks!

by KevP
11 May 2023, 11:13
Forum: Developers
Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
Replies: 18
Views: 6384

Re: Trying to fix SAML module "otrs-saml2sp" for 7.0

With the server name redacted: cat /etc/apache2/conf-enabled/auth_mellon.conf <location /znuny/index.pl> MellonSPPrivateKeyFile /etc/apache2/mellon/mellon.key MellonSPCertFile /etc/apache2/mellon/mellon.cert MellonSPMetadataFile /etc/apache2/mellon/mellon_metadata.xml MellonIdPMetadataFile /etc/apac...

by KevP
11 May 2023, 10:44
Forum: Developers
Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
Replies: 18
Views: 6384

Re: Trying to fix SAML module "otrs-saml2sp" for 7.0

No luck Roy, If I change the apache conf file to use that location then for ALL requests I get an apache error of: [Thu May 11 08:40:52.513712 2023] [auth_mellon:error] [pid 1226] [client w.x.y.z:55522] Error, URI "/mellon/login" has no IdP's defined, referer: https://securityissues.viotas...

by KevP
11 May 2023, 10:24
Forum: Developers
Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
Replies: 18
Views: 6384

Re: Trying to fix SAML module "otrs-saml2sp" for 7.0

I'll give that a go Roy, thanks.

by KevP
10 May 2023, 12:27
Forum: Developers
Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
Replies: 18
Views: 6384

Re: Trying to fix SAML module "otrs-saml2sp" for 7.0

Sorry, I was not clear. I only want SAML for Agents, the customer portal will be public facing and no SSO is required. Therefore the mod_mellon_auth isn't right for me in the long run (as it enforces SSO on both Agent and Customer portals) and hence why I'm still looking to patch the "otrs-saml...

by KevP
10 May 2023, 11:45
Forum: Developers
Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
Replies: 18
Views: 6384

Re: Trying to fix SAML module "otrs-saml2sp" for 7.0

Okay I've set that up now and it works fine for Agent logins but not for customers. I will need customer portal to work in the future, so I still think the SAML module is a better and easier to deploy solution.

Any help with it from anyone would be appreciated, hopefully it's an easy fix.

by KevP
09 May 2023, 17:20
Forum: Developers
Topic: Trying to fix SAML module "otrs-saml2sp" for 7.0
Replies: 18
Views: 6384

Trying to fix SAML module "otrs-saml2sp" for 7.0

Hey all, I've done a little module dev before but it was a long time ago. I'm trying to get this OTRS 5 plug-in working on Znuny 7.0 authenticating to Azure AD: https://github.com/restena-ma/otrs-saml2sp/ I've debugged and resolved a few issues and it's now redirecting, authenticating and returning ...