1) Ok, that makes sense, I will follow your advice and build a new module based on a copy of HTTPBasicAuth.pm and see how that works.
2) Noted. The SSO cannot be replaced quickly but I'm aware it's not ideal - it'll be a future project. Many Thanks!!! On Sat, Aug 20, 2016 at 2:28 PM, Martin JERGA <[email protected]> wrote: > Hello, > > First option you described is the way to go, but: > > 1. Definitely do not edit exiting HTTPBasicAuth module but create your own > Auth module (you can create copy of HTTPBasicAuth) Editing default OTRS > modules will cause you troubles during upgrades. > > 2. Cookies are not the best way how to implement SSO, since they can be > stolen very easily. > > Martin > > Martin Jerga > ITSM Consultant > Tempest a.s. > tel: +421917792942 > > > -----Original Message----- > From: otrs [mailto:[email protected]] On Behalf Of System > Administrator > Sent: Saturday, August 20, 2016 8:32 PM > To: [email protected] > Subject: [otrs] custom cookie based Frontend::Customer::Auth authentication > > Hi, > > In our environment we use Cookies for single sign on. And we have Perl code > that extracts the username from the cookie and authenticates the user by > checking the signature embedded in the cookie. > > How can such a cookie based custom SSO work with OTRS? > > I am not sure if the following starting points would work and what other ways > there may be. > > 1) Is this possible?: set Framework - Frontend::Customer::Auth to > "HTTPBasicAuth" and modify Kernel/System/CustomerAuth/HTTPBasicAuth.pm > to read the SSO Cookie and set my $User = ... based on the result? How would > I obtain the cookie in HTTPBasicAuth.pm ? > > 2) Or this? : Also set HTTPBasicAuth in OTRS and process the cookie > separately in Apache and set REMOTE_USER =making it look like Basic > Authentication for OTRS. If yes, how can this be done? > > Thank you in advance for any tips > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs > --------------------------------------------------------------------- > OTRS mailing list: otrs - Webpage: http://otrs.org/ > Archive: http://lists.otrs.org/pipermail/otrs > To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs --------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs
