[SOLVED] SSO stopped working after Upgrading 3.1.2 -> 3.1.7

[rdquiterio]

Hi ;

Since last october I have had OTRS 3.0 to 3.1.2 installed on openSUSE 11.3 (x86_64), MySQL 5.1.46-log and Apache/2.2.15

I've been working with these versions with SSO authentication for customers and agents using HTTPBasicAuth against my Active Directory.

Last week I made the upgrade to otrs-3.1.7-01.noarch.rpm using the instructions in the UPGRADING file. It looked ok when I refreshed the browser, but when I reopened the browser, we could not logon with the AD user anymore. I was forced to reactivate the DB authentication to be able to login with the localhost accounts.

I watched the system logs but nothing gets logged when I try to logon with HTTPBasicAuth, so I think that something related to apache must have been changed.

Here's a spot of my Config.pm
$Self->{'AuthModule1'} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{'AuthModule1::HTTPBasicAuth::ReplaceRegExp'} = '@domain.local';

Thanks for your attention. Rafael

[rdquiterio]

Hi ;

Since last october I have had OTRS 3.0 to 3.1.2 installed on openSUSE 11.3 (x86_64), MySQL 5.1.46-log and Apache/2.2.15

I've been working with these versions with SSO authentication for customers and agents using HTTPBasicAuth against my Active Directory.

Last week I made the upgrade to otrs-3.1.7-01.noarch.rpm using the instructions in the UPGRADING file. It looked ok when I refreshed the browser, but when I reopened the browser, we could not logon with the AD user anymore. I was forced to reactivate the DB authentication to be able to login with the localhost accounts.

I watched the system logs but nothing gets logged when I try to logon with HTTPBasicAuth, so I think that something related to apache must have been changed.

Here's a spot of my Config.pm
$Self->{'AuthModule1'} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{'AuthModule1::HTTPBasicAuth::ReplaceRegExp'} = '@domain.local';

Thanks for your attention. Rafael

My apache error_log:
At startup:

[Mon Jul 09 18:03:32 2012] [notice] caught SIGTERM, shutting down
[Mon Jul 09 18:03:33 2012] [warn] Init: Session Cache is not configured [hint: SSLSessionCache]
[Mon Jul 09 18:03:34 2012] [notice] Apache/2.2.15 (Linux/SUSE) mod_ssl/2.2.15 OpenSSL/1.0.0 PHP/5.3.3 mod_auth_kerb/5.4 mod_perl/2.0.4 Perl/v5.12.1 configured -- resuming normal operations


After a manual authentication:

ERROR: OTRS-CGI-10 Perl: 5.12.1 OS: linux Time: Mon Jul 9 18:05:10 2012

Message: No UserID found for 'user@domain.local'!

Traceback (4611):
Module: Kernel::System::User::UserLookup (v1.121) Line: 797
Module: Kernel::System::Auth::Auth (v1.56) Line: 244
Module: Kernel::System::Web::InterfaceAgent::Run (v1.64) Line: 204
Module: ModPerl::ROOT::ModPerl::Registry::opt_otrs_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 46
Module: (eval) (v1.90) Line: 204
Module: ModPerl::RegistryCooker::run (v1.90) Line: 204
Module: ModPerl::RegistryCooker::default_handler (v1.90) Line: 170
Module: ModPerl::Registry::handler (v1.99) Line: 31

[rdquiterio]

I don't know how it happened, but I had to place the following lines in my httpd.conf to make SSO work again:

<Directory "/opt/otrs/">
AuthType Kerberos
KrbAuthRealms domain.com
KrbServiceName HTTP
Krb5Keytab /etc/keytab.HTTP
KrbMethodNegotiate on
KrbMethodK5Passwd off
require valid-user
</Directory>

I find it strange because I think that the otrs upgrade did not change the httpd.conf file.
Well, it's working again...

[jojo]

the rpm will upgrade the file