I am trying to implement SSO for OTRS. To do that, I have added the following lines to Config.pm:
Code:
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{LoginURL} = 'https://<some url>/otrs/index.pl';
$Self->{LogoutURL} = 'https://<some url>/otrs/index.pl';
Code:
Dec 11 10:23:57 otrs OTRS-CGI-92[15604]: [Notice][Kernel::System::Auth::HTTPBasicAuth::Auth] User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: <ip address>).
Dec 11 10:23:57 otrs OTRS-CGI-92[15604]: [Error][Kernel::System::Auth::LDAP::Auth][Line:123]: Need User!
Dec 11 10:23:57 otrs OTRS-CGI-92[15604]: [Error][Kernel::System::User::UserLookup][Line:937]: Need UserLogin or UserID!
Dec 11 10:23:58 otrs OTRS-CGI-92[15606]: [Notice][Kernel::System::Auth::HTTPBasicAuth::Auth] User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: <ip address>).
Dec 11 10:23:58 otrs OTRS-CGI-92[15606]: [Error][Kernel::System::Auth::LDAP::Auth][Line:123]: Need User!
Dec 11 10:23:58 otrs OTRS-CGI-92[15606]: [Error][Kernel::System::User::UserLookup][Line:937]: Need UserLogin or UserID!
Dec 11 10:23:58 otrs OTRS-CGI-92[15598]: [Notice][Kernel::System::Auth::HTTPBasicAuth::Auth] User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: <ip address>).
Dec 11 10:23:58 otrs OTRS-CGI-92[15598]: [Error][Kernel::System::Auth::LDAP::Auth][Line:123]: Need User!
Dec 11 10:23:58 otrs OTRS-CGI-92[15598]: [Error][Kernel::System::User::UserLookup][Line:937]: Need UserLogin or UserID!
Dec 11 10:23:59 otrs OTRS-CGI-92[15604]: [Notice][Kernel::System::Auth::HTTPBasicAuth::Auth] User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: <ip address>).
Dec 11 10:23:59 otrs OTRS-CGI-92[15604]: [Error][Kernel::System::Auth::LDAP::Auth][Line:123]: Need User!
Dec 11 10:23:59 otrs OTRS-CGI-92[15604]: [Error][Kernel::System::User::UserLookup][Line:937]: Need UserLogin or UserID!
Dec 11 10:24:00 otrs OTRS-CGI-92[15604]: [Notice][Kernel::System::Auth::HTTPBasicAuth::Auth] User: No $ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER} !(REMOTE_ADDR: <ip address>).
Code:
/opt/otrs/scripts/apache2-httpd.include.conf
Code:
# USING SSO
#
# You need to configure 'WebApp::SSO::RemoteUserSecret' in OTRS_HOME/Kernel/Config.pm:
# $Self->{'WebApp::SSO::RemoteUserSecret'} = 'My-SSO-RemoteUser-Secret';
#
# Also, your Apache must forward the following two headers to OTRS (add this to the <Location /> section):
#
# # Add SSO username to the request.
# RequestHeader set REMOTE_USER %{REMOTE_USER}
#
# # Add SSO secret to the request.
# RequestHeader set REMOTE_USER_SECRET 'My-SSO-Remote-User-Secret'
#
# For more details about the RequestHeader directive, please consult the Apache documentation at
# https://httpd.apache.org/docs/2.4/mod/mod_headers.html#requestheader
Code:
<Location />
    # Pass the HTTP protocol request header to the backend server if SSL is inactive.
    RequestHeader set "X-Forwarded-Proto" "http" env=!HTTPS
    ProxyPass http://localhost:8080/
    RequestHeader set REMOTE_USER %{REMOTE_USER}
    RequestHeader set REMOTE_USER_SECRET 'My-SSO-Remote-User-Secret'
    # Prevent apache incompatibility with web service clients
    # that send a "100 Continue" header.
    # Variant for apache 2.4.40 and later.
    <IfVersion >= 2.4.40>
        Proxy100Continue Off
    </IfVersion>
</Location>
Code:
$Self->{'WebApp::SSO::RemoteUserSecret'} = '<password for LDAP user used to integrate OTRS with Active Directory>';
Code:
-- The result is failed.
Dec 11 11:28:11 otrs systemd[1]: Unit httpd.service entered failed state.
Dec 11 11:28:11 otrs systemd[1]: httpd.service failed.
Dec 11 11:28:12 otrs otrs.Daemon.pl[10206]: No indexing needed! Skipping...
Dec 11 11:28:12 otrs otrs.Daemon.pl[10206]: Done.
Dec 11 11:28:12 otrs otrs.Daemon.pl[10206]: No messages available for sending.
Dec 11 11:28:12 otrs otrs.Daemon.pl[10206]: Done.
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Gathering unindexed documents for document type 'Appointment' ...
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Index is already up-to-date.
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Gathering unindexed documents for document type 'ArticleChat' ...
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Index is already up-to-date.
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Gathering unindexed documents for document type 'ArticleMIME' ...
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Index is already up-to-date.
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Gathering unindexed documents for document type 'ArticleSMS' ...
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Index is already up-to-date.
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Gathering unindexed documents for document type 'CustomPageContent' ...
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Index is already up-to-date.
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Gathering unindexed documents for document type 'FAQ' ...
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Index is already up-to-date.
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Gathering unindexed documents for document type 'ServiceCatalogueContent' ...
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Index is already up-to-date.
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Gathering unindexed documents for document type 'Ticket' ...
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Index is already up-to-date.
Dec 11 11:28:13 otrs otrs.Daemon.pl[10206]: Done
Dec 11 11:28:14 otrs polkitd[654]: Registered Authentication Agent for unix-process:21074:320185178 (system bus name :1.1979 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent,
Dec 11 11:28:14 otrs systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Dec 11 11:28:14 otrs httpd[21090]: AH00526: Syntax error on line 23 of /etc/httpd/conf.d/zzz_otrs.conf:
Dec 11 11:28:14 otrs httpd[21090]: Unrecognized header format %
Dec 11 11:28:14 otrs systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Dec 11 11:28:14 otrs kill[21092]: kill: cannot find process ""
Dec 11 11:28:14 otrs systemd[1]: httpd.service: control process exited, code=exited status=1
Dec 11 11:28:14 otrs systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Dec 11 11:28:14 otrs systemd[1]: Unit httpd.service entered failed state.
Dec 11 11:28:14 otrs systemd[1]: httpd.service failed.
Dec 11 11:28:14 otrs polkitd[654]: Unregistered Authentication Agent for unix-process:21074:320185178 (system bus name :1.1979, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
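
Added example, not part of the original post and not OTRS's own configuration: `Unrecognized header format %` in the log above is what mod_headers reports when a `%{...}` specifier has no type letter after the closing brace, as in the posted `RequestHeader set REMOTE_USER %{REMOTE_USER}` line. The corrected form below assumes the authentication module in front of this `<Location>` has populated `REMOTE_USER` as an environment variable; the secret value is a placeholder.

```apache
<Location />
    RequestHeader set "X-Forwarded-Proto" "http" env=!HTTPS
    ProxyPass http://localhost:8080/

    # Before (as posted): no type letter after the closing brace, so
    # mod_headers cannot parse the value and httpd refuses to start.
    #   RequestHeader set REMOTE_USER %{REMOTE_USER}

    # After: the trailing "e" tells mod_headers to look REMOTE_USER up
    # as an environment variable. "set" replaces any REMOTE_USER header
    # the client sent, so only the value established by the front-end
    # authentication reaches the backend.
    # Assumption: REMOTE_USER is present in the request environment
    # when mod_headers runs.
    RequestHeader set REMOTE_USER "%{REMOTE_USER}e"

    # Placeholder value. It must be identical to
    # $Self->{'WebApp::SSO::RemoteUserSecret'} in Kernel/Config.pm, and
    # should be a dedicated random string rather than a credential that
    # is reused elsewhere (such as a directory bind password).
    RequestHeader set REMOTE_USER_SECRET "REPLACE-WITH-RANDOM-SHARED-SECRET"

    <IfVersion >= 2.4.40>
        Proxy100Continue Off
    </IfVersion>
</Location>
```

Running `apachectl configtest` (or `httpd -t`) before restarting reports this kind of syntax error without taking the running service down.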