Hi,
I am a seasoned maintainer of the OTRS installation at the Croatian University
Computing Centre in Zagreb (Srce, http://www.srce.hr/english/index.html).
I've made some smaller contributions to OTRS earlier and now I would like
to enable the users from all over Europe (eduGAIN) to use their credentials
to access this OTRS installation, and possibly others.
I have two questions:
1) What is the best way to accomplish that?
2) Is anybody interested in including that feature in the OTRS code base?
For the first, we're experimenting with an excellent PHP package called
simpleSAMLphp to add support for sign-on through a SAML-based service
(that is mandatory). Support for OASIS SAML is much more mature in PHP
than it is in Perl (currently, in my opinion). So we took the path of using
PHP for that purpose through the mechanism of HTTP redirects and HTML form
redirects (JavaScript submit actions). On the server side we're using the
PHP::Session Perl module to access session data created by the PHP code,
which handles session creation automatically. It's a bit messy, though it
works fine.
So, a module called Kernel::System::Auth::simpleSAMLphpCustomerAuth.pm
(for example, made as a copy of LDAP.pm) checks what it has in the session
variables, which it accesses through the methods provided by the PHP::Session
module, and if everything is OK, it gives access to the authenticated user.
Since the relation between OTRS and the Customer is nontrivial, I think
it would be good to create a local user account in the database. Right?
For Agent Users we do it the same way -- just an additional check of the
session state is made (user_entitlement). Only enrollment is done
automatically, but activating group membership / adding privileges
is to be carried out manually later on by a real Agent Administrator User.
Would that be OK?
I would like to do it nice and clean so any help is welcome!
Kind regards,
Damir Dzeko
_______________________________________________
OTRS mailing list: dev - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/dev
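
The session check described in the message above, as an added example (not part of the original post and not OTRS or simpleSAMLphp code). It needs PHP::Session from CPAN; the session keys saml_uid and saml_expires and the entitlement value are hypothetical, only user_entitlement is named in the message.

```perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use PHP::Session;    # CPAN module named in the message

# Assumptions: keys 'saml_uid' and 'saml_expires' and this entitlement value
# are hypothetical; only 'user_entitlement' appears in the message.
my $AGENT_ENTITLEMENT = 'urn:example:otrs:agent';

# Returns the login name when the PHP session records a completed, unexpired
# login (and, for agents, the required entitlement); otherwise returns undef.
sub login_from_php_session {
    my ( $save_path, $sid, $want_agent ) = @_;

    # The session ID comes from a cookie and ends up in a file name
    # (sess_<id>), so accept alphanumerics only before touching the disk.
    return if !defined $sid || $sid !~ /\A[A-Za-z0-9]{1,128}\z/;
    return if !-f "$save_path/sess_$sid";

    # new() dies on unreadable or empty sessions; treat that as "denied".
    my $session = eval { PHP::Session->new( $sid, { save_path => $save_path } ) };
    return if !$session;

    my $uid     = $session->get('saml_uid');
    my $expires = $session->get('saml_expires');
    return if !defined $uid     || $uid !~ /\A[\w.\@-]{1,200}\z/;
    return if !defined $expires || $expires !~ /\A\d+\z/ || $expires <= time;

    if ($want_agent) {
        my $ent = $session->get('user_entitlement');
        return if !defined $ent || $ent ne $AGENT_ENTITLEMENT;
    }
    return $uid;
}

# Constructed sample session in PHP's default "php" serialize format.
my %data = ( saml_uid => 'alice', saml_expires => time + 300 );
my $dir  = tempdir( CLEANUP => 1 );
my $sid  = 'a' x 26;
open my $fh, '>', "$dir/sess_$sid" or die "cannot write session: $!";
print {$fh} map { sprintf '%s|s:%d:"%s";', $_, length( $data{$_} ), $data{$_} } sort keys %data;
close $fh or die "cannot close session: $!";

for my $case ( [ $sid, 0 ], [ $sid, 1 ], [ '../sess_x', 0 ] ) {
    my $user = login_from_php_session( $dir, @{$case} );
    printf "sid=%s agent=%d -> %s\n", @{$case}, $user // 'denied';
}
```

The constructed session carries no user_entitlement, so the same session passes the customer check and fails the agent check, which is the deny-by-default behaviour the agent path needs.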