Hello,
As title. Does OTRS (both community or paid) version support Azure SSO? or have plan to develop coming on?
Thanks!
Azure SSO
Moderator: crythias
-
root
- Administrator
- Posts: 3968
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Azure SSO
Hi,
with Azure AD Seamless SSO it's possible to configure the Apache httpd Kerberos authentication.
- Roy
with Azure AD Seamless SSO it's possible to configure the Apache httpd Kerberos authentication.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Re: Azure SSO
Hi,
do you have more information about this? Example configs? Screenshots?
This would be very nice.
I was not able to use Azure 'til now
Flo
do you have more information about this? Example configs? Screenshots?
This would be very nice.
I was not able to use Azure 'til now
Flo
OTRS 8 SILVER (Prod)
OTRS 8 auf Debian 11 (Test)
Znuny 7.x latest version testing auf Debian 11
-- Ich beantworte keine Forums-Fragen PN - No PN please
I won't answer to unfriendly users any more. A greeting and regards are just polite.
OTRS 8 auf Debian 11 (Test)
Znuny 7.x latest version testing auf Debian 11
-- Ich beantworte keine Forums-Fragen PN - No PN please
I won't answer to unfriendly users any more. A greeting and regards are just polite.
-
josy1024
- Znuny newbie
- Posts: 5
- Joined: 08 Nov 2012, 17:53
- Znuny Version: 3.1.10
- Real Name: Josef Lahmer
- Company: gugler gmbh
Re: Azure SSO
i'v provided a free to use AzureAd http authentication plugin for OTRS:
(its mainly the http authentication plugin with custom azure specific env vars)
https://gist.github.com/josy1024/84853e ... eadauth-pm
Features:
* SSO authentication for AzureAd APACHE + Passing loginname to OTRS
the big steps:
what you have to do:
1) getting apache + mod_auth_openidc working (tested apache SSO azure auth on php setup) <= google and find
(https://curity.io/resources/tutorials/h ... h-openidc/)
2) getting apache perl working (/opt/otrs/bin/cgi-bin/azureadenv.pl) script:
https://gist.github.com/josy1024/aa2537 ... 85afcec8ce
the OIDC_CLAIM_upn variable seems working for me
3) copy AzureADAuth and change authmodule to AzureADAuth in config.pm
https://gist.github.com/josy1024/aa2537 ... 85afcec8ce
# $Self->{'AuthModule'} = 'Kernel::System::Auth::AzureADAuth';
# SOURCE: copy from HTTPBasicAuth.pm from OTRS6
# Place FILE IN: /opt/otrs/Kernel/System/Auth
# TESTED ENV CENTOS7 OTRS6
# mod_auth_openidc.x86_64 1.8.8-5.el7 @base
# httpd.x86_64 2.4.6-93.el7.centos
# mod_perl.x86_64 2.0.10-3.el7 @epel
# mod_ssl.x86_64 1:2.4.6-93.el7.centos
# Note:
#
# If you use this module, you should use as fallback the following
# config settings:
# 1) setup and configure apache + mod_auth_openidc
# 2) TEST ENV VARIABLES: https://gist.github.com/josy1024/aa2537 ... 85afcec8ce
# 3) Change config.pm: $Self->{'AuthModule'} = 'Kernel::System::Auth::AzureADAuth';
# --
https://gist.github.com/josy1024/84853e ... eadauth-pm
azure AD integration with OTRS
(its mainly the http authentication plugin with custom azure specific env vars)
https://gist.github.com/josy1024/84853e ... eadauth-pm
Features:
* SSO authentication for AzureAd APACHE + Passing loginname to OTRS
the big steps:
what you have to do:
1) getting apache + mod_auth_openidc working (tested apache SSO azure auth on php setup) <= google and find
(https://curity.io/resources/tutorials/h ... h-openidc/)
2) getting apache perl working (/opt/otrs/bin/cgi-bin/azureadenv.pl) script:
https://gist.github.com/josy1024/aa2537 ... 85afcec8ce
the OIDC_CLAIM_upn variable seems working for me
3) copy AzureADAuth and change authmodule to AzureADAuth in config.pm
https://gist.github.com/josy1024/aa2537 ... 85afcec8ce
# $Self->{'AuthModule'} = 'Kernel::System::Auth::AzureADAuth';
# SOURCE: copy from HTTPBasicAuth.pm from OTRS6
# Place FILE IN: /opt/otrs/Kernel/System/Auth
# TESTED ENV CENTOS7 OTRS6
# mod_auth_openidc.x86_64 1.8.8-5.el7 @base
# httpd.x86_64 2.4.6-93.el7.centos
# mod_perl.x86_64 2.0.10-3.el7 @epel
# mod_ssl.x86_64 1:2.4.6-93.el7.centos
# Note:
#
# If you use this module, you should use as fallback the following
# config settings:
# 1) setup and configure apache + mod_auth_openidc
# 2) TEST ENV VARIABLES: https://gist.github.com/josy1024/aa2537 ... 85afcec8ce
# 3) Change config.pm: $Self->{'AuthModule'} = 'Kernel::System::Auth::AzureADAuth';
# --
https://gist.github.com/josy1024/84853e ... eadauth-pm
azure AD integration with OTRS
OTRS 3.1.X, OTRS::ITSM 3.1.6 , auth-openldap, customer-openldap, FAQ, Iphone, centos, mysql 5.5
-
root
- Administrator
- Posts: 3968
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Azure SSO
Hi,
Nice, but I wonder why not using SAML authentication with Azure? It saves the self-maintained perl code. Or at least use mod_env/mod_rewrite to copy the values of the OIDC_ variable into REMOTE_USER?
- Roy
Nice, but I wonder why not using SAML authentication with Azure? It saves the self-maintained perl code. Or at least use mod_env/mod_rewrite to copy the values of the OIDC_ variable into REMOTE_USER?
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?