The following procedure describes how to enable federated login in OTRS using simpleSAMLphp as an authentication module. We used the following configuration:
but with minor modifications the described procedure should also work on other similar platforms.
If you haven't done that already, install OTRS 3.x and simpleSAMLphp. The following instructions should work for all versions of simpleSAMLphp from 1.5.x onwards.
Download configuration files archive into a temporary folder and unpack it:
    # cd /tmp
    # wget http://developer.aaiedu.hr/download/otrs3_simplesamlphp16.tar.gz
    # tar xvfz otrs3_simplesamlphp16.tar.gz
Install the PHP::Session Perl module:
    # apt-get install libuniversal-require-perl
    # cd /tmp/otrs3_simplesamlphp16/dpkg
    # dpkg -i libphp-session-perl_0.27-1_all.deb
    # mkdir /var/run/samlsessions
    # chown www-data:www-data /var/run/samlsessions
    # chmod 775 /var/run/samlsessions
Make sure that the version of OTRS you installed works properly with the default configuration. We will assume that OTRS is installed in folder /opt/otrs/.
root@localhost
and create a new user account which will have admin privileges. The username must be identical to the value of the attribute eduPersonPrincipalName in your federation (in the Croatian federation this attribute is called hrEduPersonUniqueID). What you enter in the Password field is irrelevant because you'll be using your federated account to log in.
Copy folder Kernel to the appropriate place in the OTRS installation folder:
    # cd /tmp/otrs3_simplesaml16/otrs_home/Custom
    # cp -R Kernel /opt/otrs/Custom
    # vi /opt/otrs/Custom/Kernel/Config.pm

    $Self->{'DatabaseHost'} = 'localhost';
    $Self->{'Database'} = 'otrs';
    $Self->{'DatabaseUser'} = 'otrs';
    $Self->{'DatabasePw'} = 'password';
    $Self->{Home} = '/opt/otrs';
    my $c_host = 'host.realm.hr';
    $Self->{'Organization'} = 'Organization';
    $Self->{'AdminEmail'} = 'root@realm.hr';
Make sure you have a working installation of simpleSAMLphp configured as a service provider. We will assume that simpleSAMLphp is installed in folder /var/simplesamlphp/.
Copy folder otrs to the appropriate place in the simpleSAMLphp installation folder:
    # cd /tmp/otrs3_simplesaml16/simplesamlphp_home/www
    # cp -R otrs /var/simplesamlphp/www/
Copy folder metadata to the appropriate place in the simpleSAMLphp installation folder:
    # cd /tmp/otrs3_simplesaml16/simplesamlphp_home
    # cp -R metadata /var/simplesamlphp/
Enter the hostname and parameters for accessing the OTRS database:
    # vi /var/simplesamlphp/www/otrs/lib/config.php
Find the following parameters and enter appropriate values depending on your host name and database access parameters:
    define('DB_HOST', 'localhost');
    define('DB_NAME', 'otrs');
    define('DB_USER', 'otrs');
    define('DB_PASSWORD', 'password');
    define('ALLOWED_REALMS', 'realm.hr');
    define('OTRS_BASE_URL', 'http://host.realm.hr/otrs');
    define('SIMPLESAML_BASE_URL', 'http://host.realm.hr/simplesaml');
Restart Apache:
    /etc/init.d/apache2 restart
and try to authenticate using federated login.
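Before putting the host into service, the values entered in config.php and the session directory created earlier can be checked with a short script. This is an added example, not part of the downloaded archive: the function names `php_define` and `audit_otrs_saml` are hypothetical, and it assumes config.php uses the single-quoted `define('NAME', 'value');` form shown above. It reports base URLs that are not https://, the sample database password left in place, a missing ALLOWED_REALMS value, and any permission granted to "other" on config.php or the session directory.

```shell
#!/bin/sh
# Added example (not from the archive): audit the files this procedure edits.
# Usage: audit_otrs_saml CONFIG_PHP SESSION_DIR
# Prints one line per finding and returns the number of findings (0 = clean).

# Print the value of define('NAME', 'value'); from a PHP file (first match).
php_define() {
    sed -n "s/.*define('$2',[[:space:]]*'\([^']*\)').*/\1/p" "$1" | head -n 1
}

audit_otrs_saml() {
    cfg=$1; sessdir=$2; findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ -r "$cfg" ] || { report "cannot read $cfg"; return 1; }

    # SAML assertions and session cookies travel over these URLs: require TLS.
    for name in OTRS_BASE_URL SIMPLESAML_BASE_URL; do
        val=$(php_define "$cfg" "$name")
        case $val in
            https://*) ;;
            *) report "$name is '$val', expected an https:// URL" ;;
        esac
    done

    # The sample password shown in the instructions must be replaced.
    [ "$(php_define "$cfg" DB_PASSWORD)" = "password" ] &&
        report "DB_PASSWORD is still the sample value 'password'"

    # A missing realm list leaves the realm restriction undefined.
    [ -n "$(php_define "$cfg" ALLOWED_REALMS)" ] ||
        report "ALLOWED_REALMS is empty or missing"

    # config.php holds the database password and the session directory holds
    # login state: neither should grant any permission to "other".
    for path in "$cfg" "$sessdir"; do
        [ -e "$path" ] || continue
        other=$(ls -ld "$path" | cut -c8-10)
        [ "$other" = "---" ] || report "$path is accessible to other ($other)"
    done
    return "$findings"
}

# With the paths used on this page:
# audit_otrs_saml /var/simplesamlphp/www/otrs/lib/config.php /var/run/samlsessions
```

With the sample values and the `chmod 775` from the steps above, the script reports the two http:// URLs, the sample password, and the "other" permissions on both paths.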