GenericInterface REST Authorization issues

Moderator: crythias

Post Reply
bcools
Znuny newbie
Posts: 3
Joined: 09 Jan 2020, 11:20
Znuny Version: 6.023
Real Name: Bert Coesemans

GenericInterface REST Authorization issues

Post by bcools »

Hi all,

I received control of our OTRS system to work on a project, and I am not really familiar with it yet. However, I was looking into the Generic Interface possibilities and it would make a lot of things we do a lot easier. There is one issue: I can't authorize. I followed the steps and imported GenericTicketConnectorREST.yml into the Web Services, but whenever I run the following request from a remote system, it always returns the same error:

Code: Select all

https://<server-location>/otrs/nph-genericinterface.pl/Webservice/GenericTicketConnectorREST/Ticket/88686?UserLogin=<agent-user>&Password=<agent-pw>
The return I get is the following:

Code: Select all

{"Error":{"ErrorCode":"TicketGet.AuthFail","ErrorMessage":"TicketGet: Authorization failing!"}}
I think I have tried everything I found online, created a new Agent with with rw on all queues, part of all groups and assigned to all roles. The Web Service debugger shows the following data:

Code: Select all

$VAR1 = {
  'CONTEXT_DOCUMENT_ROOT' => '/opt/otrs/bin/cgi-bin/',
  'CONTEXT_PREFIX' => '/otrs/',
  'DOCUMENT_ROOT' => '/opt/otrs/var/httpd/htdocs/',
  'GATEWAY_INTERFACE' => 'CGI/1.1',
  'HTTPS' => 'on',
  'HTTP_ACCEPT' => '*/*',
  'HTTP_ACCEPT_ENCODING' => 'gzip, deflate',
  'HTTP_CACHE_CONTROL' => 'no-cache',
  'HTTP_CONNECTION' => 'keep-alive',
  'HTTP_HOST' => '<server-name>',
  'HTTP_POSTMAN_TOKEN' => '5196524c-67df-4c1e-88e8-ab545d7eca7b',
  'HTTP_USER_AGENT' => 'PostmanRuntime/7.20.1',
  'MOD_PERL' => 'mod_perl/2.0.11',
  'MOD_PERL_API_VERSION' => '2',
  'PATH' => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin',
  'PATH_INFO' => '/Webservice/GenericTicketConnectorREST/Ticket/88686',
  'PATH_TRANSLATED' => '/opt/otrs/var/httpd/htdocs/Webservice/GenericTicketConnectorREST/Ticket/88686',
  'QUERY_STRING' => 'userLogin=<agent-login>&Password=<agent-pw>',
  'REMOTE_ADDR' => '<remote-ip>',
  'REMOTE_PORT' => '<remote-port>',
  'REQUEST_METHOD' => 'GET',
  'REQUEST_SCHEME' => 'https',
  'REQUEST_URI' => '/otrs/nph-genericinterface.pl/Webservice/GenericTicketConnectorREST/Ticket/88686?userLogin=barcoo&Password=otrs',
  'SCRIPT_FILENAME' => '/opt/otrs/bin/cgi-bin/nph-genericinterface.pl',
  'SCRIPT_NAME' => '/otrs/nph-genericinterface.pl',
  'SERVER_ADDR' => '<server-ip>',
  'SERVER_ADMIN' => 'root@localhost',
  'SERVER_NAME' => '<server-name>',
  'SERVER_PORT' => '443',
  'SERVER_PROTOCOL' => 'HTTP/1.1',
  'SERVER_SIGNATURE' => '',
  'SERVER_SOFTWARE' => 'Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_perl/2.0.11 Perl/v5.16.3',
  'SSL_TLS_SNI' => '<server-name>',
  'UNIQUE_ID' => 'XhcBKXqLyI@kgfdxsGWYUAAAAAk'
};
Incoming data before mapping also looks good as far as I know:

Code: Select all

$VAR1 = {
  'Password' => '<agent-pw>',
  'RequestMethod' => 'GET',
  'TicketID' => '88686',
  'UserLogin' => '<agent-login>'
};
I can literally find no way to get this working. However when I go look in Session Management and I use the SessionID=<session-id> parameter I find there (for my logged in user), the API works. Unfortunately, I have no way to create such sessionID, since this also requires login credentials.

Maybe there is some setting that needs to be changed? I looked through everything but can't seem to find it. Any of you have an idea?
Last edited by bcools on 10 Jan 2020, 11:43, edited 1 time in total.
bcools
Znuny newbie
Posts: 3
Joined: 09 Jan 2020, 11:20
Znuny Version: 6.023
Real Name: Bert Coesemans

Re: GenericInterface REST Authorization issues

Post by bcools »

After a lot more testing and trying, I figured out that it was SSO that caused the issue. When I turned it off for OTRS, I could use this login. My question now is: is it possible to use SSO and normal authentication, or to get some data from the SSO that makes it possible for me to use the Generic Interface?
skullz
Znuny superhero
Posts: 618
Joined: 24 Feb 2012, 03:58
Znuny Version: LTS and Features
Real Name: Mo Azfar
Location: Kuala Lumpur, MY
Contact:

Re: GenericInterface REST Authorization issues

Post by skullz »

Perhaps you sso config is overwrite default db auth..

Try to add this line under config.pm

$Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';

Good luck
root
Administrator
Posts: 3934
Joined: 18 Dec 2007, 12:23
Znuny Version: Znuny and Znuny LTS
Real Name: Roy Kaldung
Company: Znuny
Contact:

Re: GenericInterface REST Authorization issues

Post by root »

Hi,
skullz wrote: 09 Jan 2020, 20:18 $Self->{'AuthModule1'} = 'Kernel::System::Auth::DB';
This single line I guess won't work. There are more parameter for Auth::DB.

to the OP:
Depending on the type of SSO, I guess it's Kerberos, you can also use HTTP Basic Authentication for your request.

Otherwise configure Auth::DB as a 2nd authentication method as mentioned by skullz.

- Roy
Znuny and Znuny LTS running on CentOS / RHEL / Debian / SLES / MySQL / PostgreSQL / Oracle / OpenLDAP / Active Directory / SSO

Use a test system - always.

Do you need professional services? Check out https://www.znuny.com/

Do you want to contribute or want to know where it goes ?
bcools
Znuny newbie
Posts: 3
Joined: 09 Jan 2020, 11:20
Znuny Version: 6.023
Real Name: Bert Coesemans

Re: GenericInterface REST Authorization issues

Post by bcools »

The Basic HTTP Authorization header did not work. Setting up the db auth as a second method of authentication however, did work! Thank you all for your feedback!
Post Reply