Single Sign On (SSO) OTRS version 5 with AD
Moderator: crythias
-
- Znuny newbie
- Posts: 24
- Joined: 24 Feb 2017, 18:37
- Znuny Version: 5.0.16
- Real Name: Tom Stiffler
- Company: Concurrent Technology Corp.
Single Sign On (SSO) OTRS version 5 with AD
Thanks in advance for any help on this topic.
Here’s what I’ve done so far to try to get single sign-on (SSO) working with OTRS.
1) Created an AD object for the system, added a Service Principal Name (SPN) to the object.
2) Joined the Linux system to the domain and created a keytab file.
3) Installed mod_auth_kerb and configured accordingly:
<IfModule auth_kerb_module>
<Location />
AuthType Kerberos
AuthName "Windows Login"
Krb5Keytab /etc/krb5.keytab
KrbAuthRealms DOMAIN
KrbMethodNegotiate On
KrbVerifyKDC On
KrbMethodK5Passwd On
KrbLocalUserMapping Off
Require valid-user
</Location>
</IfModule>
4) Modified Kernel/Config.pm accordingly:
# Enable SSO
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
$Self->{LoginURL} = '/not_authenticated.html';
$Self->{LogoutURL} = '/not_authenticated.html';
5) Restarted both Apache and OTRS.
Unfortunately, these steps are not permitting SSO to work with OTRS. I have confirmed that SSO is working with Apache (meaning I’m able to hit non-OTRS areas of the web server by authenticating with my AD credential). We can also see the user that’s being used in Apache (via the access_log, which is determined by HTTP authentication, in this case, mod_auth_kerb).
At this point, we need some pointers on what else we can try.
Here’s what I’ve done so far to try to get single sign-on (SSO) working with OTRS.
1) Created an AD object for the system, added a Service Principal Name (SPN) to the object.
2) Joined the Linux system to the domain and created a keytab file.
3) Installed mod_auth_kerb and configured accordingly:
<IfModule auth_kerb_module>
<Location />
AuthType Kerberos
AuthName "Windows Login"
Krb5Keytab /etc/krb5.keytab
KrbAuthRealms DOMAIN
KrbMethodNegotiate On
KrbVerifyKDC On
KrbMethodK5Passwd On
KrbLocalUserMapping Off
Require valid-user
</Location>
</IfModule>
4) Modified Kernel/Config.pm accordingly:
# Enable SSO
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
$Self->{LoginURL} = '/not_authenticated.html';
$Self->{LogoutURL} = '/not_authenticated.html';
5) Restarted both Apache and OTRS.
Unfortunately, these steps are not permitting SSO to work with OTRS. I have confirmed that SSO is working with Apache (meaning I’m able to hit non-OTRS areas of the web server by authenticating with my AD credential). We can also see the user that’s being used in Apache (via the access_log, which is determined by HTTP authentication, in this case, mod_auth_kerb).
At this point, we need some pointers on what else we can try.
-
- Administrator
- Posts: 3968
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Single Sign On (SSO) OTRS version 5 with AD
Did you get any error message from the otrs log?
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 24
- Joined: 24 Feb 2017, 18:37
- Znuny Version: 5.0.16
- Real Name: Tom Stiffler
- Company: Concurrent Technology Corp.
Re: Single Sign On (SSO) OTRS version 5 with AD
The only logs we’ve been finding anything in is /var/log/httpd/{access_log,error_log}. So far, neither have pointed us in the right direction.
-
- Administrator
- Posts: 3968
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Single Sign On (SSO) OTRS version 5 with AD
what's the output of
Code: Select all
klist -k -t /etc/krb5.keytab
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 24
- Joined: 24 Feb 2017, 18:37
- Znuny Version: 5.0.16
- Real Name: Tom Stiffler
- Company: Concurrent Technology Corp.
Re: Single Sign On (SSO) OTRS version 5 with AD
: s45 4#; klist -k -t /etc/krb5.keytab
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
5 04/19/2017 17:16:58 HTTP/s45.ctc.com@OUR.DOMAIN..
5 04/19/2017 17:16:58 HTTP/s45.ctc.com@OUR.DOMAIN..
5 04/19/2017 17:16:58 HTTP/s45.ctc.com@OUR.DOMAIN..
5 04/19/2017 17:16:58 HTTP/s45.ctc.com@OUR.DOMAIN..
5 04/19/2017 17:16:58 HTTP/s45.ctc.com@OUR.DOMAIN..
5 04/19/2017 17:16:58 HTTP/S45@OUR.DOMAIN
5 04/19/2017 17:16:58 HTTP/S45@OUR.DOMAIN
5 04/19/2017 17:16:58 HTTP/S45@OUR.DOMAIN
5 04/19/2017 17:16:58 HTTP/S45@OUR.DOMAIN
5 04/19/2017 17:16:58 HTTP/S45@OUR.DOMAIN
Keytab name: FILE:/etc/krb5.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
5 04/19/2017 17:16:58 HTTP/s45.ctc.com@OUR.DOMAIN..
5 04/19/2017 17:16:58 HTTP/s45.ctc.com@OUR.DOMAIN..
5 04/19/2017 17:16:58 HTTP/s45.ctc.com@OUR.DOMAIN..
5 04/19/2017 17:16:58 HTTP/s45.ctc.com@OUR.DOMAIN..
5 04/19/2017 17:16:58 HTTP/s45.ctc.com@OUR.DOMAIN..
5 04/19/2017 17:16:58 HTTP/S45@OUR.DOMAIN
5 04/19/2017 17:16:58 HTTP/S45@OUR.DOMAIN
5 04/19/2017 17:16:58 HTTP/S45@OUR.DOMAIN
5 04/19/2017 17:16:58 HTTP/S45@OUR.DOMAIN
5 04/19/2017 17:16:58 HTTP/S45@OUR.DOMAIN
-
- Znuny newbie
- Posts: 1
- Joined: 13 Apr 2017, 10:44
- Znuny Version: 5.0.x
- Real Name: Algimantas
- Company: MSSL
Re: Single Sign On (SSO) OTRS version 5 with AD
Code: Select all
<IfModule mod_perl.c>
# Setup environment and preload modules
Perlrequire /opt/otrs/scripts/apache2-perl-startup.pl
# Reload Perl modules when changed on disk
PerlModule Apache2::Reload
PerlInitHandler Apache2::Reload
# general mod_perl2 options
<Location /otrs>
# ErrorDocument 403 /otrs/customer.pl
ErrorDocument 403 /otrs/index.pl
SetHandler perl-script
PerlResponseHandler ModPerl::Registry
Options +ExecCGI
PerlOptions +ParseHeaders
PerlOptions +SetupEnv
AuthType Kerberos
AuthName "Kerberos Login"
KrbAuthRealms REALM
Krb5Keytab /etc/krb5.keytab
KrbMethodNegotiate On
KrbSaveCredentials Off
KrbVerifyKDC Off
Require valid-user
</Location>
# mod_perl2 options for GenericInterface
<Location /otrs/nph-genericinterface.pl>
PerlOptions -ParseHeaders
</Location>
</IfModule>
<Directory "/opt/otrs/bin/cgi-bin/">
#AllowOverride None
AllowOverride All
Options +ExecCGI -Includes
AuthType Kerberos
AuthName "Kerberos Login"
KrbAuthRealms REALM
Krb5Keytab /etc/krb5.keytab
KrbMethodNegotiate On
KrbSaveCredentials Off
KrbVerifyKDC Off
Require valid-user
</Directory>
What are results? And look at /etc/syslog (if Ubuntu)
You do not have the required permissions to view the files attached to this post.
OTRS 5.0.x with ITSM, FAQ on Ubuntu 16.04, SSO with MS AD;
Win2008, Active Directory, Ubuntu, Centos 6&7, Postgres, MSSQL, OTRS, ZABBIX
Win2008, Active Directory, Ubuntu, Centos 6&7, Postgres, MSSQL, OTRS, ZABBIX
-
- Administrator
- Posts: 3968
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Single Sign On (SSO) OTRS version 5 with AD
Sorry about that, I did not read this completely.5of5 wrote: I have confirmed that SSO is working with Apache (meaning I’m able to hit non-OTRS areas of the web server by authenticating with my AD credential). We can also see the user that’s being used in Apache (via the access_log, which is determined by HTTP authentication, in this case, mod_auth_kerb).
Please make sure that only /otrs/index.pl and customer.pl use Kerberos authentication - this will speed up everything.
The settings for Kernel/Config.pm are ok. What's the result in the browser if you try to open /otrs/index.pl? Did you see the request in the access_log?
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 24
- Joined: 24 Feb 2017, 18:37
- Znuny Version: 5.0.16
- Real Name: Tom Stiffler
- Company: Concurrent Technology Corp.
Re: Single Sign On (SSO) OTRS version 5 with AD
The browser takes us to the location defined in “$Self->{LoginURL}”.
The access_log is showing something interesting… Any request starting with “/otrs” is not authenticated, yet most requests outside of this path are authenticated. The error_log also contains the following:
ERROR: OTRS-CGI-66 Perl: 5.16.3 OS: linux Time: Mon Apr 24 09:02:06 2017
Message: Need UserLogin or UserID!
RemoteAddress: xx.xx.xx.xx
RequestURI: /otrs/index.pl
It’s almost as if something is configured that’s preventing the “/otrs” location from getting the authenticated request…
The access_log is showing something interesting… Any request starting with “/otrs” is not authenticated, yet most requests outside of this path are authenticated. The error_log also contains the following:
ERROR: OTRS-CGI-66 Perl: 5.16.3 OS: linux Time: Mon Apr 24 09:02:06 2017
Message: Need UserLogin or UserID!
RemoteAddress: xx.xx.xx.xx
RequestURI: /otrs/index.pl
It’s almost as if something is configured that’s preventing the “/otrs” location from getting the authenticated request…
-
- Administrator
- Posts: 3968
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Single Sign On (SSO) OTRS version 5 with AD
Did you have 401 HTTP return codes for /otrs/index.pl in the log file?
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 24
- Joined: 24 Feb 2017, 18:37
- Znuny Version: 5.0.16
- Real Name: Tom Stiffler
- Company: Concurrent Technology Corp.
Re: Single Sign On (SSO) OTRS version 5 with AD
I’m not seeing a 401… This is the complete log from a browser that’s prompting me for my AD credentials when I hit the login page.
xx.xx.xx.xx - - [24/Apr/2017:13:20:42 -0400] "GET /otrs/index.pl HTTP/1.1" 302 78 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - - [24/Apr/2017:13:20:42 -0400] "GET /otrs/index.pl?Action=PreLogin&RequestedURL= HTTP/1.1" 200 5029 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - - [24/Apr/2017:13:20:42 -0400] "GET /otrs-web/skins/Agent/default/css/thirdparty/ui-theme/jquery-ui.css HTTP/1.1" 401 381 "http://s45.ctc.com/otrs/index.pl?Action ... uestedURL=" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - user@DOMAIN [24/Apr/2017:13:20:53 -0400] "GET /otrs-web/skins/Agent/default/css/thirdparty/ui-theme/jquery-ui.css HTTP/1.1" 200 4062 "http://s45.ctc.com/otrs/index.pl?Action ... uestedURL=" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - - [24/Apr/2017:13:20:54 -0400] "POST /otrs/index.pl HTTP/1.1" 302 125 "http://s45.ctc.com/otrs/index.pl?Action ... uestedURL=" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - - [24/Apr/2017:13:20:54 -0400] "GET /not_authenticated.html?Reason=LoginFailed&RequestedURL=Action%3DPreLogin%26RequestedURL%3D HTTP/1.1" 401 381 "http://s45.ctc.com/otrs/index.pl?Action ... uestedURL=" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - user@DOMAIN [24/Apr/2017:13:20:54 -0400] "GET /not_authenticated.html?Reason=LoginFailed&RequestedURL=Action%3DPreLogin%26RequestedURL%3D HTTP/1.1" 200 1053 "http://s45.ctc.com/otrs/index.pl?Action ... uestedURL=" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - - [24/Apr/2017:13:20:42 -0400] "GET /otrs/index.pl HTTP/1.1" 302 78 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - - [24/Apr/2017:13:20:42 -0400] "GET /otrs/index.pl?Action=PreLogin&RequestedURL= HTTP/1.1" 200 5029 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - - [24/Apr/2017:13:20:42 -0400] "GET /otrs-web/skins/Agent/default/css/thirdparty/ui-theme/jquery-ui.css HTTP/1.1" 401 381 "http://s45.ctc.com/otrs/index.pl?Action ... uestedURL=" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - user@DOMAIN [24/Apr/2017:13:20:53 -0400] "GET /otrs-web/skins/Agent/default/css/thirdparty/ui-theme/jquery-ui.css HTTP/1.1" 200 4062 "http://s45.ctc.com/otrs/index.pl?Action ... uestedURL=" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - - [24/Apr/2017:13:20:54 -0400] "POST /otrs/index.pl HTTP/1.1" 302 125 "http://s45.ctc.com/otrs/index.pl?Action ... uestedURL=" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - - [24/Apr/2017:13:20:54 -0400] "GET /not_authenticated.html?Reason=LoginFailed&RequestedURL=Action%3DPreLogin%26RequestedURL%3D HTTP/1.1" 401 381 "http://s45.ctc.com/otrs/index.pl?Action ... uestedURL=" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
xx.xx.xx.xx - user@DOMAIN [24/Apr/2017:13:20:54 -0400] "GET /not_authenticated.html?Reason=LoginFailed&RequestedURL=Action%3DPreLogin%26RequestedURL%3D HTTP/1.1" 200 1053 "http://s45.ctc.com/otrs/index.pl?Action ... uestedURL=" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0"
-
- Administrator
- Posts: 3968
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Single Sign On (SSO) OTRS version 5 with AD
Ok, that's looking weird, I'll explain it below.
Please try this configuration, you ca place it in an own file (I called it most of the times zzzz_auth_otrs.conf).
Please try this configuration, you ca place it in an own file (I called it most of the times zzzz_auth_otrs.conf).
Code: Select all
<LocationMatch "/otrs/(customer|index).pl">
#SSLRequireSSL
AuthType Kerberos
AuthName "OTRS"
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbAuthRealms YOUR_KERBEROS_REALM
KrbLocalUserMapping on
KrbServiceName HTTP/fqdn@YOUR_KERBEROS_REALM
#KrbServiceName Any
Krb5KeyTab /etc/krb5.keytab
Require valid-user
</LocationMatch>
- The 2nd log line should have an 401 (Authentication required) to instruct the browser sending credentials.
- The 2rd line has a 401, which leads to an authentication roundtrip whenever a css, javascript file or image is loaded. This impact your performance negative. (See next log entry, 200 response code for authenticated and delivered file jquery-ui.css
- The post request "POST /otrs/index.pl" return a redirection because you're not authenticated to your configured login site. Reason: You enter credentials in the HTML form of OTRS but have setup HTTPBasicAuth, which delegates the authentication to the web server.
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 24
- Joined: 24 Feb 2017, 18:37
- Znuny Version: 5.0.16
- Real Name: Tom Stiffler
- Company: Concurrent Technology Corp.
Re: Single Sign On (SSO) OTRS version 5 with AD
Your mention of using “zzzz_auth_otrs.conf” as the file name got me thinking…
I actually had things working yesterday afternoon, but couldn’t figure out exactly what the fix was. When I saw your post with the mention of the file name, it made me realize that was it. For whatever reason, I renamed the file such that it came after zzz_otrs.conf when Apache read it. I didn’t put things together until this morning when I read your post.
I tested this and found that if the mod_auth_kerb config comes before the config in zzz_otrs.conf, things break.
I also implemented your suggestion to only authenticate index.pl and customer.pl.
Thanks for your help and suggestions. I appreciate it.
I actually had things working yesterday afternoon, but couldn’t figure out exactly what the fix was. When I saw your post with the mention of the file name, it made me realize that was it. For whatever reason, I renamed the file such that it came after zzz_otrs.conf when Apache read it. I didn’t put things together until this morning when I read your post.
I tested this and found that if the mod_auth_kerb config comes before the config in zzz_otrs.conf, things break.
I also implemented your suggestion to only authenticate index.pl and customer.pl.
Thanks for your help and suggestions. I appreciate it.
-
- Administrator
- Posts: 3968
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Single Sign On (SSO) OTRS version 5 with AD
You're welcome Good to hear that it works now
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
-
- Znuny newbie
- Posts: 1
- Joined: 03 Jan 2019, 15:51
- Znuny Version: VERSION = 3.1.4
- Real Name: monish
Re: Single Sign On (SSO) OTRS version 5 with AD
Hi,
My otrs SSO is not working. The basic apache sso is working
otrs version 3.1.4
Gone through your article but didn't work out.
below is the only log i get when i hit the URL
==> /var/log/httpd/access_log <==
xx.xx.xx.xx - - [03/Jan/2019:19:54:14 +0530] "GET /helpdesk/index.pl HTTP/1.1" 401 381 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
xx.xx.xx.xx - msnikose [03/Jan/2019:19:54:14 +0530] "GET /helpdesk/index.pl HTTP/1.1" 200 8687 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
My otrs SSO is not working. The basic apache sso is working
otrs version 3.1.4
Gone through your article but didn't work out.
below is the only log i get when i hit the URL
==> /var/log/httpd/access_log <==
xx.xx.xx.xx - - [03/Jan/2019:19:54:14 +0530] "GET /helpdesk/index.pl HTTP/1.1" 401 381 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
xx.xx.xx.xx - msnikose [03/Jan/2019:19:54:14 +0530] "GET /helpdesk/index.pl HTTP/1.1" 200 8687 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
Re: Single Sign On (SSO) OTRS version 5 with AD
Please don't hijack old threads. Also you OTRS version is outdated, not supported and extremly unsecure!
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
-
- Znuny newbie
- Posts: 39
- Joined: 06 Apr 2016, 17:18
- Znuny Version: 6.0.4
- Real Name: Jazmin Medina
- Company: Private
Re: Single Sign On (SSO) OTRS version 5 with AD
Can I use these same configurations version 6?
I need someone to guide me to connect SAML2 with OTRS 6
I need someone to guide me to connect SAML2 with OTRS 6
-
- Administrator
- Posts: 3968
- Joined: 18 Dec 2007, 12:23
- Znuny Version: Znuny and Znuny LTS
- Real Name: Roy Kaldung
- Company: Znuny
- Contact:
Re: Single Sign On (SSO) OTRS version 5 with AD
HI,
You're really desperate, right? This post is about Kerberos SSO and is slighly different from SAML.
- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?
Use a test system - always.
Do you need professional services? Check out https://www.znuny.com/
Do you want to contribute or want to know where it goes ?