Introduction
The following procedure describes how to enable federated login in OTRS using simpleSAMLphp as an authentication module. We used the following configuration:
- Linux Debian OS 5.0.8
- Apache 2.2.9
- PHP 5.2.6
- Perl 5.10.0
- simpleSAMLphp 1.5.1
- OTRS 3.0.6
but with minor modifications the described procedure should also work on other similar platforms.
Step 1: Installing OTRS and simpleSAMLphp
If you haven't done so already, install OTRS 3.x and simpleSAMLphp. The following instructions should work for all versions of simpleSAMLphp from 1.5.x onwards.
Step 2: Download required software
Download the configuration files archive into a temporary folder and unpack it:
# cd /tmp
# wget http://developer.aaiedu.hr/download/otrs3_simplesamlphp16.tar.gz
# tar xvfz otrs3_simplesamlphp16.tar.gz
Step 3: PHP::Session
Install the PHP::Session Perl module:
# apt-get install libuniversal-require-perl
# cd /tmp/otrs3_simplesamlphp16/dpkg
# dpkg -i libphp-session-perl_0.27-1_all.deb
# mkdir /var/run/samlsessions
# chown www-data:www-data /var/run/samlsessions
# chmod 775 /var/run/samlsessions
Step 4: Configuring OTRS
Make sure that the version of OTRS you installed works properly with the default configuration. We will assume that OTRS is installed in the folder /opt/otrs/
- Log in to OTRS as user root@localhost and create a new user account which will have admin privileges. The username must be identical to the value of the attribute eduPersonPrincipalName in your federation (in the Croatian federation this attribute is called hrEduPersonUniqueID). What you enter in the Password field is irrelevant because you'll be using your federated account to log in.
- Copy the folder Kernel to the appropriate place in the OTRS installation folder:
# cd /tmp/otrs3_simplesaml16/otrs_home/Custom
# cp -R Kernel /opt/otrs/Custom
- Enter the hostname and parameters for accessing the OTRS database using the following:
# vi /opt/otrs/Custom/Kernel/Config.pm
$Self->{'DatabaseHost'} = 'localhost';
$Self->{'Database'} = 'otrs';
$Self->{'DatabaseUser'} = 'otrs';
$Self->{'DatabasePw'} = 'password';
$Self->{Home} = '/opt/otrs';
my $c_host = 'host.realm.hr';
$Self->{'Organization'} = 'Organization';
$Self->{'AdminEmail'} = 'root@realm.hr';
Step 5: Configuring simpleSAMLphp
Make sure you have a working installation of simpleSAMLphp configured as a service provider. We will assume that simpleSAMLphp is installed in folder /var/simplesamlphp/
Copy the folder otrs to the appropriate place in the simpleSAMLphp installation folder:
# cd /tmp/otrs3_simplesaml16/simplesamlphp_home/www
# cp -R otrs /var/simplesamlphp/www/
Copy the folder metadata to the appropriate place in the simpleSAMLphp installation folder:
# cd /tmp/otrs3_simplesaml16/simplesamlphp_home
# cp -R metadata /var/simplesamlphp/
Enter hostname and parameters for accessing OTRS database:
# vi /var/simplesamlphp/www/otrs/lib/config.php
Find the following parameters and enter appropriate values depending on your host name and database access parameters:
define('DB_HOST', 'localhost');
define('DB_NAME', 'otrs');
define('DB_USER', 'otrs');
define('DB_PASSWORD', 'password');
define('ALLOWED_REALMS', 'realm.hr');
define('OTRS_BASE_URL', 'http://host.realm.hr/otrs');
define('SIMPLESAML_BASE_URL', 'http://host.realm.hr/simplesaml');
Restart Apache:
/etc/init.d/apache2 restart
and try to authenticate using federated login.
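A sanity check for the values entered in Step 5, as an added example that is not part of the downloaded archive or the original procedure: it flags sample values left in config.php, base URLs that are not https, and a world-readable config file. The function names and finding messages are assumptions of this example, and the sample input is constructed from the values shown above.

```shell
#!/bin/sh
# Added example (not from the archive): audit the define() values that
# Step 5 puts in www/otrs/lib/config.php. Finding texts are this script's own.

# get_define FILE KEY: print the value of define('KEY', 'VALUE');
get_define() {
    sed -n "s/.*define('$2',[[:space:]]*'\([^']*\)').*/\1/p" "$1" | head -n 1
}

# audit_config FILE: print one finding per line; print nothing if clean.
audit_config() {
    cfg=$1
    # The sample password from the procedure must not survive deployment.
    pw=$(get_define "$cfg" DB_PASSWORD)
    if [ -z "$pw" ] || [ "$pw" = "password" ]; then
        echo "DB_PASSWORD: empty or still the sample value"
    fi
    # Plain http sends the login session and SAML messages unencrypted.
    for key in OTRS_BASE_URL SIMPLESAML_BASE_URL; do
        case $(get_define "$cfg" "$key") in
            https://*) ;;
            *) echo "$key: not an https:// URL" ;;
        esac
    done
    # The sample realm has to be replaced with the federation's real one.
    if [ "$(get_define "$cfg" ALLOWED_REALMS)" = "realm.hr" ]; then
        echo "ALLOWED_REALMS: still the sample realm"
    fi
    # The file holds the database password: "other" users need no access.
    if [ -n "$(find "$cfg" -perm -004)" ]; then
        echo "FILE_MODE: config file is world-readable"
    fi
    return 0
}

# Demo on a constructed sample that mirrors the values shown in Step 5.
sample=$(mktemp)
cat > "$sample" <<'EOF'
define('DB_HOST', 'localhost');
define('DB_NAME', 'otrs');
define('DB_USER', 'otrs');
define('DB_PASSWORD', 'password');
define('ALLOWED_REALMS', 'realm.hr');
define('OTRS_BASE_URL', 'http://host.realm.hr/otrs');
define('SIMPLESAML_BASE_URL', 'http://host.realm.hr/simplesaml');
EOF
chmod 644 "$sample"
audit_config "$sample"
rm -f "$sample"
```

On a real host, call `audit_config /var/simplesamlphp/www/otrs/lib/config.php` instead of the demo; no output means none of the checks fired.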