[SOLVED]how to Implement SSO on Windows with Apache

Moderator: crythias

Post Reply
BrianYin
OTRS newbie
Posts: 76
Joined: 29 Aug 2012, 10:12
OTRS Version?: 3.1.12

[SOLVED]how to Implement SSO on Windows with Apache

Post by BrianYin »

hi, everyone.
i'm trying to Implement Single Sign On on Windows with Apache instead of LDAP, i follow the instruction on website
http://wiki.otterhub.org/index.php?titl ... ith_Apache
edited the http.conf file in apache folder and modified config.pm in kernel,but it didn't work
OTRS log said

Code: Select all

[Thu Dec  6 10:52:01 2012][Error][Kernel::System::PID::PIDGet][184] Table 'otrs.process_id' doesn't exist, SQL: 'SELECT process_name, process_id, process_host, process_create, process_change FROM process_id WHERE process_name = ? LIMIT 1'
[Thu Dec  6 10:52:01 2012][Error][Kernel::System::PID::PIDDelete][226] Table 'otrs.process_id' doesn't exist, SQL: 'DELETE FROM process_id WHERE process_name = ? AND process_host = ?'
[Thu Dec  6 10:52:01 2012][Error][Kernel::System::PID::PIDCreate][154] Table 'otrs.process_id' doesn't exist, SQL: 'INSERT INTO process_id (process_name, process_id, process_host, process_create, process_change) VALUES (?, ?, ?, ?, ?)'
[Thu Dec  6 10:53:01 2012][Error][Kernel::System::PID::PIDGet][184] Table 'otrs.process_id' doesn't exist, SQL: 'SELECT process_name, process_id, process_host, process_create, process_change FROM process_id WHERE process_name = ? LIMIT 1'
[Thu Dec  6 10:53:01 2012][Error][Kernel::System::PID::PIDDelete][226] Table 'otrs.process_id' doesn't exist, SQL: 'DELETE FROM process_id WHERE process_name = ? AND process_host = ?'
[Thu Dec  6 10:53:01 2012][Error][Kernel::System::PID::PIDCreate][154] Table 'otrs.process_id' doesn't exist, SQL: 'INSERT INTO process_id (process_name, process_id, process_host, process_create, process_change) VALUES (?, ?, ?, ?, ?)'
[Thu Dec  6 10:54:01 2012][Error][Kernel::System::PID::PIDGet][184] Table 'otrs.process_id' doesn't exist, SQL: 'SELECT process_name, process_id, process_host, process_create, process_change FROM process_id WHERE process_name = ? LIMIT 1'
[Thu Dec  6 10:54:01 2012][Error][Kernel::System::PID::PIDDelete][226] Table 'otrs.process_id' doesn't exist, SQL: 'DELETE FROM process_id WHERE process_name = ? AND process_host = ?'
[Thu Dec  6 10:54:01 2012][Error][Kernel::System::PID::PIDCreate][154] Table 'otrs.process_id' doesn't exist, SQL: 'INSERT INTO process_id (process_name, process_id, process_host, process_create, process_change) VALUES (?, ?, ?, ?, ?)'
why is that?
i changed the domain already...any thoughts ?
Thanks!!!
Last edited by BrianYin on 13 Dec 2012, 08:31, edited 1 time in total.
OTRS Version: 3.1.9
OS: windows 2003
ITSM 3.1.6
MySQL 5.xxx

jojo
Moderator
Posts: 14859
Joined: 26 Jan 2007, 14:50
OTRS Version?: Git Master
Contact:

Re: how to Implement Single Sign On on Windows with Apache

Post by jojo »

the error you posted just indicates that your OTRS database is not installed correctly (missing table)

Please repair this first...

Afterwards you might also check the apache log
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com

BrianYin
OTRS newbie
Posts: 76
Joined: 29 Aug 2012, 10:12
OTRS Version?: 3.1.12

Re: how to Implement Single Sign On on Windows with Apache

Post by BrianYin »

This is apache error log:

Code: Select all

ERROR: OTRS-CGI-10 Perl: 5.12.3 OS: MSWin32 Time: Thu Dec  6 10:33:18 2012

 Message: Need UserLogin or UserID!

 Traceback (4716): 
   Module: Kernel::System::User::UserLookup (v1.121) Line: 769
   Module: Kernel::System::Auth::Auth (v1.56) Line: 244
   Module: Kernel::System::Web::InterfaceAgent::Run (v1.64) Line: 204
   Module: ModPerl::ROOT::ModPerl::Registry::I_3a_Program_20Files_OTRS_OTRS_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 49
   Module: (eval) (v1.90) Line: 204
   Module: ModPerl::RegistryCooker::run (v1.90) Line: 204
   Module: ModPerl::RegistryCooker::default_handler (v1.90) Line: 170
   Module: ModPerl::Registry::handler (v1.99) Line: 31
OTRS Version: 3.1.9
OS: windows 2003
ITSM 3.1.6
MySQL 5.xxx

crythias
Moderator
Posts: 10129
Joined: 04 May 2010, 18:38
OTRS Version?: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: how to Implement Single Sign On on Windows with Apache

Post by crythias »

BrianYin wrote:Message: Need UserLogin or UserID!
Your post isn't helpful because we don't know what you did, so we can't troubleshoot it. We can only read error messages, like you, and respond to what they say.
OTRS 5.0.x (private/testing/public) on Linux with MySQL database. Also on github.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

BrianYin
OTRS newbie
Posts: 76
Joined: 29 Aug 2012, 10:12
OTRS Version?: 3.1.12

Re: how to Implement Single Sign On on Windows with Apache

Post by BrianYin »

crythias wrote: Your post isn't helpful because we don't know what you did, so we can't troubleshoot it. We can only read error messages, like you, and respond to what they say.
i didn't make it clear, sorry about that.
i am not sure how to implement SSO on windows with apache, even though i read the wiki webpage already, i am still not much clear.
So far, i can let apache get userid but i can't let it go through the domain
Does httpbaseauth as similar as LDAP in authentication part?
the error log from apache

Code: Select all

Message: No UserID found for xxxx\xxxxx!

 Traceback (6832): 
   Module: Kernel::System::User::UserLookup (v1.121) Line: 797
   Module: Kernel::System::Auth::Auth (v1.56) Line: 224
   Module: Kernel::System::Web::InterfaceAgent::Run (v1.64) Line: 204
   Module: ModPerl::ROOT::ModPerl::Registry::I_3a_Program_20Files_OTRS_OTRS_bin_cgi_2dbin_index_2epl::handler (unknown version) Line: 49
   Module: (eval) (v1.90) Line: 204
   Module: ModPerl::RegistryCooker::run (v1.90) Line: 204
   Module: ModPerl::RegistryCooker::default_handler (v1.90) Line: 170
   Module: ModPerl::Registry::handler (v1.99) Line: 31
OTRS Version: 3.1.9
OS: windows 2003
ITSM 3.1.6
MySQL 5.xxx

crythias
Moderator
Posts: 10129
Joined: 04 May 2010, 18:38
OTRS Version?: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: how to Implement Single Sign On on Windows with Apache

Post by crythias »

... Repeat my last post.
OTRS 5.0.x (private/testing/public) on Linux with MySQL database. Also on github.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

BrianYin
OTRS newbie
Posts: 76
Joined: 29 Aug 2012, 10:12
OTRS Version?: 3.1.12

Re: how to Implement Single Sign On on Windows with Apache

Post by BrianYin »

ok, here is what i've done
follow the wiki page instruction
i change the config.pm for agent and customer both

Code: Select all

    $Self->{LogModule}          = 'Kernel::System::Log::File';
    $Self->{LogModule::LogFile} = 'I:/PROGRA~1/OTRS/OTRS/var/log/otrs.log';

    # $DIBI$
    $Self->{'DefaultCharset'}='utf-8';
	
# The following is valid but would only be necessary if the
# anonymous user do NOT have permission to read from the LDAP tree
$Self->{'AuthModule::HTTPBasicAuth::SearchUserDN'} = 'xxxx';
$Self->{'AuthModule::HTTPBasicAuth::SearchUserPw'} = 'xxxx';
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{'AuthModule::HTTPBasicAuth::Replace'} = 'GREATWALL\\';
    # If you use this module, you should use as fallback
    # the following configuration settings if the user is not authorized
    # apache ($ENV{REMOTE_USER})
    $Self->{LoginURL} = 'http://www.baidu.com';
# or a youtube vid of Rick Astley?
    $Self->{LogoutURL} = 'http://www.google.com';

# Creat By Brian

#The following is valid but would only be necessary if the 这里配置获取AD目录与用户数据的查询帐号
#anonymous user do NOT have permission to read from the LDAP tree
  $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
  $Self->{'Customer::AuthModule::HTTPBasicAuth::Replace'} = 'GREATWALL\\';
      # If you use this module, you should use as fallback
    # the following configuration settings if the user is not authorized
    # apache ($ENV{REMOTE_USER})
    $Self->{LoginURL} = 'http://www.google.com';
# or a youtube vid of Rick Astley?
    $Self->{LogoutURL} = 'http://www.baidu.com';

	$Self->{'Customer::AuthModule::HTTPBasicAuth::SearchUserDN'} = 'xxx';
	$Self->{'Customer::AuthModule::HTTPBasicAuth::SearchUserPw'} = 'xxx';
	
#CustomerUser
#(customer user database backend and settings)


# UserTable
    $Self->{DatabaseUserTable} = 'users';
    $Self->{DatabaseUserTableUserID} = 'id';
    $Self->{DatabaseUserTableUserPW} = 'pw';
    $Self->{DatabaseUserTableUser1} = 'login';


# Net::LDAP new params (if needed - for more info see perldoc Net::LDAP)
$Self->{'AuthModule::HTTPBasicAuth::Params'} = {
    port => 389,
    timeout => 120,
    async => 0,
    version => 3,
};
$Self->{'AuthSyncModule::HTTPBasicAuth::UserSyncInitialGroups1'} = ['users',];
Result is agent frontend can do sso, but customer can not
and the otrs log

Code: Select all

[Wed Dec 12 16:38:55 2012][Notice][Kernel::System::CustomerAuth::HTTPBasicAuth::Auth] User: abc Authentication ok (REMOTE_ADDR: 127.0.0.1).
[Wed Dec 12 16:38:55 2012][Error][Kernel::System::CustomerUser::SetPreferences][506] No such user 'abc'!
is there any thoughts can fix it? Appreciate it!
OTRS Version: 3.1.9
OS: windows 2003
ITSM 3.1.6
MySQL 5.xxx

crythias
Moderator
Posts: 10129
Joined: 04 May 2010, 18:38
OTRS Version?: 5.0.x
Location: SouthWest Florida, USA
Contact:

Re: how to Implement Single Sign On on Windows with Apache

Post by crythias »

At first glance, this seems weird. Be consistent in your index numbering. If AuthModule1, make sure all adjoined entries have 1 (...Replace1) or if not, don't use 1.
BrianYin wrote:  $Self->{'Customer::AuthModule1'} = 'Kernel::System::CustomerAuth::HTTPBasicAuth';
BrianYin wrote:  $Self->{'Customer::AuthModule::HTTPBasicAuth::Replace'} = 'GREATWALL\\';

Code: Select all

[Wed Dec 12 16:38:55 2012][Notice][Kernel::System::CustomerAuth::HTTPBasicAuth::Auth] User: abc Authentication ok (REMOTE_ADDR: 127.0.0.1).
[Wed Dec 12 16:38:55 2012][Error][Kernel::System::CustomerUser::SetPreferences][506] No such user 'abc'!
this means what it says, though. It may very well be related to the first issue.
OTRS 5.0.x (private/testing/public) on Linux with MySQL database. Also on github.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask

BrianYin
OTRS newbie
Posts: 76
Joined: 29 Aug 2012, 10:12
OTRS Version?: 3.1.12

Re: how to Implement Single Sign On on Windows with Apache

Post by BrianYin »

OK, it solved! Thanks
OTRS Version: 3.1.9
OS: windows 2003
ITSM 3.1.6
MySQL 5.xxx

Post Reply