RT 5.0.3 integration with OpenID

Hello everyone!
Im trying to find a way to integrate the latest RT version with KeyCloak. I tried to install the RT::Authen::ExternalAuth and RT-Authen-OAuth2, but the system stops me with message “Your installed version of RT is too new”. Is there someone who managed to do this kind of integration and if yes, can you share how?

I’ve not used (or even heard of before now!) KeyCloak, but I see it does SAML2. We use SAML2 to provide authentication services for our RT instances, using the Shibboleth mod_shib module for Apache, configured to talk to our IdP (which is what I assume you’re using KeyCloak for). The Apache module sets the REMOTE_USER when successful, so you can set $WebRemoteUser to 1 in the RT config to pick that up. RT still looks up user details from our AD via LDAP.

1 Like

Oh, and RT::Authen::ExternalAuth functionality was wrapped into the RT core some time ago. The Upgrading 4.4 document says to remove it from your config.

1 Like

Thank you a lot for your reply, much appreciated! I will check, if this will work out.

Here are the general steps you may need to follow:

  1. Install the necessary RT and OpenID modules: You will need to install the RT-Authen-OpenID and Net-OpenID-Common Perl modules, which provide the necessary functionality for integrating RT with OpenID.
  2. Configure RT to use OpenID authentication: In the RT_SiteConfig.pm file, you will need to set the appropriate parameters to enable OpenID authentication. This includes specifying the OpenID server URL, the required user attributes, and the mapping of OpenID attributes to RT user attributes.

Was BaylorEdgar’s post generated by ChatGPT?

1 Like