Single sign-on

Hi all,

I’d like to ask you for some advice on how to achieve SSO with RT 3.8.2, so my users won’t have to enter their credentials each time they want to open a ticket through the web interface. I see ExternalAuth which I am already using for authentication against our AD, can do this but through a cookie. Since we don’t have a company portal or something like that, we do not have a cookie set already. Therefore ideally I’d like to get the credentials from the Windows session. I came across this link (http://blank.org/memory/output/rt-ad-sso.html) that seems to do what I want but I see it’s a bit dated. Does anyone know if this is still relevant and if it’s possible to integrate this with ExternalAuth? Are there any other approaches?

I would be grateful if anyone could spare some tips.

Thanks!
Jonathan

I don’t know what your users are like, but for a good portion of our
users, actually using RT is too complicated.

We have a simple web form that creates tickets for people.

If they don’t really need RT access, this might be an option.On 1/3/11 7:19 AM, Jonathan Salomon wrote:

Hi all,

I�d like to ask you for some advice on how to achieve SSO with RT
3.8.2, so my users won�t have to enter their credentials each time
they want to open a ticket through the web interface. I see
ExternalAuth which I am already using for authentication against our
AD, can do this but through a cookie. Since we don�t have a company
portal or something like that, we do not have a cookie set already.
Therefore ideally I�d like to get the credentials from the Windows
session. I came across this link
(http://blank.org/memory/output/rt-ad-sso.html) that seems to do what
I want but I see it�s a bit dated. Does anyone know if this is still
relevant and if it�s possible to integrate this with ExternalAuth? Are
there any other approaches?

I would be grateful if anyone could spare some tips.

Thanks!

Jonathan

We’ve done it two ways. The easiest is just to create a web mail form
using PHP and have it send email to RT. Since it is through our portal,
its easy to have the web form forge the from address as
username@whatever.com and RT thinks it came from the user.

We also have one more complicated form that uses the RT perl API to
actually create the ticket and set priorities. This has to run on our RT
server. I’d eventually like to get rid of it, since it is messy, but it
works.On 1/3/11 10:36 AM, Bouzite, Radouan wrote:

Hi,

Can I ask you how it works the web form to create tickets ?


Radouan Bouzite
Unix/SAN Admin.
Ipex Management Inc.
Tel : (514) 769 3445 ext 291
Fax :(514) 769-1672


*From:*rt-users-bounces@lists.bestpractical.com
[mailto:rt-users-bounces@lists.bestpractical.com] *On Behalf Of *John
Arends
Sent: January-03-11 11:32 AM
To: rt Users
Subject: Re: [rt-users] single sign-on

I don’t know what your users are like, but for a good portion of our
users, actually using RT is too complicated.

We have a simple web form that creates tickets for people.

If they don’t really need RT access, this might be an option.

On 1/3/11 7:19 AM, Jonathan Salomon wrote:

Hi all,

I�d like to ask you for some advice on how to achieve SSO with RT
3.8.2, so my users won�t have to enter their credentials each time
they want to open a ticket through the web interface. I see
ExternalAuth which I am already using for authentication against our
AD, can do this but through a cookie. Since we don�t have a company
portal or something like that, we do not have a cookie set already.
Therefore ideally I�d like to get the credentials from the Windows
session. I came across this link
(http://blank.org/memory/output/rt-ad-sso.html) that seems to do what
I want but I see it�s a bit dated. Does anyone know if this is still
relevant and if it�s possible to integrate this with ExternalAuth? Are
there any other approaches?

I would be grateful if anyone could spare some tips.

Thanks!

Jonathan

John Arends
jarends@illinois.edu
Network Analyst
College of ACES ITCS
University of Illinois at Urbana-Champaign

I’d like to ask you for some advice on how to achieve SSO with RT 3.8.2, so my users won’t
have to enter their credentials each time they want to open a ticket through the web
interface. I see ExternalAuth which I am already using for authentication against our AD, can
do this but through a cookie. Since we don’t have a company portal or something like that, we
do not have a cookie set already. Therefore ideally I’d like to get the credentials from the
Windows session. I came across this link ([1]http://blank.org/memory/output/rt-ad-sso.html)
that seems to do what I want but I see it’s a bit dated. Does anyone know if this is still
relevant and if it’s possible to integrate this with ExternalAuth? Are there any other
approaches?

You’re looking for the mod_auth_kerb extension for apache.
It will auto-sign users into RT

By default, they’ll be Unprivileged and will see the RT SelfService UI
(go to http://your.rt/SelfService/ to get an idea of what it looks
like) which is a very stripped down RT UI that will both let your
users create tickets and monitor their resolved and open tickets.

-kevin