Google OAuth for OTRS

Moderator: crythias

Post Reply
crons
Znuny newbie
Posts: 58
Joined: 17 Aug 2012, 06:11
Znuny Version: 3.3.x
Real Name: Cornelius Jackson

Google OAuth for OTRS

Post by crons »

Hi,
As any one tried authentication for customers via Google OAuth? Is it possible?
OTRS 3.3.x, Ubuntu, MySql 5.5
jojo
Znuny guru
Posts: 15019
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master
Contact:

Re: Google OAuth for OTRS

Post by jojo »

there is no such module for OTRS.

Try mod_auth_oauth for apache
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
crons
Znuny newbie
Posts: 58
Joined: 17 Aug 2012, 06:11
Znuny Version: 3.3.x
Real Name: Cornelius Jackson

Re: Google OAuth for OTRS

Post by crons »

Thanks,
I will give a try on mod_auth_oauth for apache
From Google OAuth i am looking to validate the user/password and auto login to OTRS so that he need not re login into OTRS.
Is it possible?
OTRS 3.3.x, Ubuntu, MySql 5.5
jayquala
Znuny newbie
Posts: 1
Joined: 08 Apr 2015, 04:29
Znuny Version: 4.0.6
Real Name: Jay Marcotte
Company: Quala

Re: Google OAuth for OTRS

Post by jayquala »

Where you able to get OTRS associated with Google OAuth2?
wurzel
Znuny guru
Posts: 3224
Joined: 08 Jul 2010, 22:25
Znuny Version: x.x.x
Real Name: Florian

Re: Google OAuth for OTRS

Post by wurzel »

Hi,

want to share the knowledge?

Flo
OTRS 8 SILVER (Prod)
OTRS 8 auf Debian 11 (Test)
Znuny 7.x latest version testing auf Debian 11

-- Ich beantworte keine Forums-Fragen PN - No PN please

I won't answer to unfriendly users any more. A greeting and regards are just polite.
puneet
Znuny newbie
Posts: 24
Joined: 14 Mar 2016, 08:04
Znuny Version: otrs 4.14
Real Name: puneet sharma
Company: onebcg

Re: Google OAuth for OTRS

Post by puneet »

Was anyone able to successfully integrate Google OAuth with OTRS?
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Google OAuth for OTRS

Post by root »

AFAIK there is no mod_auth_oath available. For authentication with Google you could consider mod_auth_openidc which use Google as an OpenID provider. Check out https://github.com/pingidentity/mod_auth_openidc
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
puneet
Znuny newbie
Posts: 24
Joined: 14 Mar 2016, 08:04
Znuny Version: otrs 4.14
Real Name: puneet sharma
Company: onebcg

Re: Google OAuth for OTRS

Post by puneet »

root wrote:AFAIK there is no mod_auth_oath available. For authentication with Google you could consider mod_auth_openidc which use Google as an OpenID provider. Check out https://github.com/pingidentity/mod_auth_openidc
Couldn't find any tutorial to use OpenID with OTRS.
Can you help with any reference
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Google OAuth for OTRS

Post by root »

Within OTRS you have to use the HTTPBasicAuth, Apache httpd handels authentication with mod_auth_openidc. The documentation has examples.
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
josy1024
Znuny newbie
Posts: 5
Joined: 08 Nov 2012, 17:53
Znuny Version: 3.1.10
Real Name: Josef Lahmer
Company: gugler gmbh

Re: Google OAuth for OTRS

Post by josy1024 »

i have written a module for apache auth with + mod_auth_openidc

as apache is working with openidc and you get den env variables, you could use it an use the $ENV{OIDC_CLAIM_upn} $ENV{OIDC_CLAIM_unique_name} for agent logins.
maybe it's working for google too! ;-)

details:
print env:
https://gist.github.com/josy1024/aa2537 ... 85afcec8ce


$Self->{'AuthModule'} = 'Kernel::System::Auth::AzureADAuth';
AzureADAuth.pm
https://gist.github.com/josy1024/84853e ... 24b93264fe

AUTH only FOR AGENTS:
<LocationMatch "^/otrs/index.pl">
AuthType openid-connect
Require valid-user
</LocationMatch>
OTRS 3.1.X, OTRS::ITSM 3.1.6 , auth-openldap, customer-openldap, FAQ, Iphone, centos, mysql 5.5
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: Google OAuth for OTRS

Post by root »

josy1024 wrote: 19 Aug 2020, 14:47 i have written a module for apache auth with + mod_auth_openidc

as apache is working with openidc and you get den env variables, you could use it an use the $ENV{OIDC_CLAIM_upn} $ENV{OIDC_CLAIM_unique_name} for agent logins.
maybe it's working for google too! ;-)
Hi,

Maybe it's working. But who's maintaining it? Is it packaged? I recommend using existing modules like HTTPBasicAuth. The OpenID connector works and you can copy the variables you need into REMOTE_USER

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
nedmaj
Znuny expert
Posts: 167
Joined: 26 Nov 2014, 20:34
Znuny Version: 6.3.4
Real Name: Samuel Casimiro
Company: Câmara dos Deputados
Contact:

Re: Google OAuth for OTRS

Post by nedmaj »

This is an old thread, but I would like to share some information about OAuth and mod_auth_openidc.

mod_auth_openidc supports only a Openid Connect provider. A OAuth2 only provider is not supported by mod_auth_openidc.

After login, an OAuth2 provider exchanges a returning code for an access_token, that's all. By the specification it doesn't respond with a so called id_token that is expected by mod_auth_openidc to work.

In other words, a pure OAuth2 provider could authenticate a user but will return no credentials and, so, will not work with mod_auth_openidc neither with Znuny.

More information:

https://github.com/OpenIDC/mod_auth_ope ... sions/1034
Samuel

Znuny 6.3.4 | OTRS 5.0.17
OS: Debian 11 | CentOS 6.5
Database: Postgres | Oracle 12.1
Number of agents: 450 | Number of customers: 20000 | Number of CIs: 30000
Post Reply