1) Ok, that makes sense, I will follow your advice and build a new
module based on a copy of HTTPBasicAuth.pm and see how that works.

2) Noted. The SSO cannot be replaced quickly but I'm aware it's not
ideal - it'll be a future project.

Many Thanks!!!


On Sat, Aug 20, 2016 at 2:28 PM, Martin JERGA <[email protected]> wrote:
> Hello,
>
> First option you described is the way to go, but:
>
> 1. Definitely do not edit existing HTTPBasicAuth module but create your own 
> Auth module (you can create copy of HTTPBasicAuth). Editing default OTRS 
> modules will cause you troubles during upgrades.
>
> 2. Cookies are not the best way how to implement SSO, since they can be 
> stolen very easily.
>
> Martin
>
> Martin Jerga
> ITSM Consultant
> Tempest a.s.
> tel: +421917792942
>
>
> -----Original Message-----
> From: otrs [mailto:[email protected]] On Behalf Of System 
> Administrator
> Sent: Saturday, August 20, 2016 8:32 PM
> To: [email protected]
> Subject: [otrs] custom cookie based Frontend::Customer::Auth authentication
>
> Hi,
>
> In our environment we use Cookies for single sign on. And we have Perl code 
> that extracts the username from the cookie and authenticates the user by 
> checking the signature embedded in the cookie.
>
> How can such a cookie based custom SSO work with OTRS?
>
> I am not sure if the following starting points would work and what other ways 
> there may be.
>
> 1) Is this possible?: set Framework - Frontend::Customer::Auth   to
> "HTTPBasicAuth" and modify Kernel/System/CustomerAuth/HTTPBasicAuth.pm
> to read the SSO Cookie and set my $User = ... based on the result? How would 
> I obtain the cookie in HTTPBasicAuth.pm ?
>
> 2) Or this? : Also set HTTPBasicAuth in OTRS and process the cookie 
> separately in Apache and set REMOTE_USER =making it look like Basic 
> Authentication for OTRS. If yes, how can this be done?
>
> Thank you in advance for any tips
> ---------------------------------------------------------------------
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/mailman/listinfo/otrs
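
An added example, not part of the thread and not OTRS code: a sketch of the separate auth module recommended in point 1, reading the SSO cookie from `$ENV{HTTP_COOKIE}` in the same way HTTPBasicAuth reads `$ENV{REMOTE_USER}`. The module name `SSOCookie`, the cookie name, the `user|expiry|hmac` layout and the demo key are assumptions, since the thread does not describe the real cookie format.

```perl
package Kernel::System::CustomerAuth::SSOCookie;    # hypothetical module name
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $CookieName = 'SSO';                     # assumed cookie name
my $Key        = 'constructed-demo-key';    # assumed: load the real key from protected config

sub new { my ($Type) = @_; return bless {}, $Type; }

# Report PreAuth like HTTPBasicAuth: the user is identified before any login form.
sub GetOption {
    my ( $Self, %Param ) = @_;
    return ( $Param{What} // '' ) eq 'PreAuth' ? 1 : undef;
}

# Return the verified username, or nothing if the cookie is missing, malformed, forged or expired.
sub Auth {
    my ( $Self, %Param ) = @_;
    my ($Value) = ( $ENV{HTTP_COOKIE} // '' ) =~ /(?:^|;\s*)\Q$CookieName\E=([^;]*)/;
    return if !defined $Value;
    my ( $User, $Expires, $Sig ) = split /\|/, $Value, 3;
    return if !defined $Sig || $Expires !~ /^\d+\z/ || $User !~ /^[\w.\@-]{1,64}\z/;
    my $Expected = hmac_sha256_hex( "$User|$Expires", $Key );
    return if !ConstantTimeEq( lc($Sig), $Expected );    # verify before trusting any field
    return if $Expires < time;                           # bounds the replay window of a stolen cookie
    return $User;
}

# Compare without an early exit so timing does not reveal how many characters matched.
sub ConstantTimeEq {
    my ( $A, $B ) = @_;
    return 0 if length($A) != length($B);
    my $Diff = 0;
    $Diff |= ord( substr( $A, $_, 1 ) ) ^ ord( substr( $B, $_, 1 ) ) for 0 .. length($A) - 1;
    return $Diff == 0;
}

# Constructed demo, runs only when the file is executed directly.
if ( !caller ) {
    my $Exp  = time + 300;
    my $Good = "alice|$Exp|" . hmac_sha256_hex( "alice|$Exp", $Key );
    for my $Cookie ( $Good, $Good =~ s/^alice/admin/r ) {
        local $ENV{HTTP_COOKIE} = "lang=en; SSO=$Cookie";
        my $User = __PACKAGE__->new->Auth;
        print defined $User ? "accepted: $User\n" : "rejected\n";
    }
}

1;
```

A valid signature only shows that the SSO service issued the cookie; a copied cookie still authenticates until it expires, which is the risk raised in point 2.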