Introduction
This procedure describes how to enable federated login in OTRS using simpleSAMLphp as an authentication module. We used the following configuration:
- Linux Debian OS 5.0.8
- Apache 2.2.9
- PHP 5.2.6
- Perl 5.10.0
- simpleSAMLphp 1.5.1
- OTRS 3.0.6
With minor modifications, the described procedure should also work on other similar platforms.
Step 1: Installing OTRS and simpleSAMLphp
If you haven't done so already, install OTRS 3.x and simpleSAMLphp. The following instructions should work for all versions of simpleSAMLphp from 1.5.x onwards.
Step 2: Download required software
Download the configuration files archive into a temporary folder and unpack it:
# cd /tmp
# wget http://developer.aaiedu.hr/download/otrs3_simplesamlphp16.tar.gz
# tar xvfz otrs3_simplesamlphp16.tar.gz
Step 3: PHP::Session
Install the PHP::Session Perl module:
# apt-get install libuniversal-require-perl
# cd /tmp/otrs3_simplesamlphp16/dpkg
# dpkg -i libphp-session-perl_0.27-1_all.deb
# mkdir /var/run/samlsessions
# chown www-data:www-data /var/run/samlsessions
# chmod 775 /var/run/samlsessions
Step 4: Configuring OTRS
Make sure that the version of OTRS you installed works properly with the default configuration. We will assume that OTRS is installed in the folder /opt/otrs/
- Log in to OTRS as user root@localhost and create a new user account which will have admin privileges. The username must be identical to the value of the attribute eduPersonPrincipalName in your federation (in the Croatian federation this attribute is called hrEduPersonUniqueID). What you enter in the Password field is irrelevant because you'll be using your federated account to log in.
- Copy the folder Kernel to the appropriate place in the OTRS installation folder:
# cd /tmp/otrs3_simplesaml16/otrs_home/Custom
# cp -R Kernel /opt/otrs/Custom
- Enter the hostname and the parameters for accessing the OTRS database in the following file:
# vi /opt/otrs/Custom/Kernel/Config.pm
$Self->{'DatabaseHost'} = 'localhost';
$Self->{'Database'} = 'otrs';
$Self->{'DatabaseUser'} = 'otrs';
$Self->{'DatabasePw'} = 'password';
$Self->{Home} = '/opt/otrs';
my $c_host = 'host.realm.hr';
$Self->{'Organization'} = 'Organization';
$Self->{'AdminEmail'} = 'root@realm.hr';
Step 5: Configuring simpleSAMLphp
Make sure you have a working installation of simpleSAMLphp configured as a service provider. We will assume that simpleSAMLphp is installed in the folder /var/simplesamlphp/
Copy the folder otrs to the appropriate place in the simpleSAMLphp installation folder:
# cd /tmp/otrs3_simplesaml16/simplesamlphp_home/www
# cp -R otrs /var/simplesamlphp/
Copy the folder metadata to the appropriate place in the simpleSAMLphp installation folder:
# cd /tmp/otrs3_simplesaml16/simplesamlphp_home
# cp -R metadata /var/simplesamlphp/
Enter the hostname and the parameters for accessing the OTRS database:
# vi /var/simplesamlphp/www/otrs/lib/config.php
Find the following parameters and enter the appropriate values for your host name and database access parameters:
define('DB_HOST', 'localhost');
define('DB_NAME', 'otrs');
define('DB_USER', 'otrs');
define('DB_PASSWORD', 'password');
define('ALLOWED_REALMS', 'realm.hr');
define('OTRS_BASE_URL', 'http://host.realm.hr/otrs');
define('SIMPLESAML_BASE_URL', 'http://host.realm.hr/simplesaml');
Restart Apache:
# /etc/init.d/apache2 restart
and try to authenticate using federated login.
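A post-install check for the config.php edited in Step 5, as an added example that is not part of the downloaded archive or of simpleSAMLphp: it flags a world-readable file, the sample DB_PASSWORD value, and base URLs that are not https. The function names and the demo file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the downloaded archive: checks the config.php
# edited in Step 5 for settings left as shown in the instructions.

# Print the value of define('NAME', 'value'); from a PHP config file.
php_define() {  # $1 = file, $2 = constant name
    sed -n "s/^[[:space:]]*define([[:space:]]*'$2'[[:space:]]*,[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Succeed if users outside the owner and group can read the file.
world_readable() { [ -n "$(find "$1" -prune -perm -0004 2>/dev/null)" ]; }

# Print one WARN line per finding; return 1 if anything was flagged.
audit_config() {  # $1 = path to www/otrs/lib/config.php
    found=0
    if world_readable "$1"; then
        echo "WARN: $1 is world-readable but holds DB_PASSWORD"; found=1
    fi
    if [ "$(php_define "$1" DB_PASSWORD)" = "password" ]; then
        echo "WARN: DB_PASSWORD is still the sample value 'password'"; found=1
    fi
    for key in OTRS_BASE_URL SIMPLESAML_BASE_URL; do
        url=$(php_define "$1" "$key")
        case $url in
            https://*) ;;
            *) echo "WARN: $key='$url' is not https; logins and session cookies sent to it are unencrypted"; found=1 ;;
        esac
    done
    return "$found"
}

# Demo on a constructed config.php holding the sample values from Step 5.
demo() {
    dir=$(mktemp -d); cfg="$dir/config.php"
    cat > "$cfg" <<'EOF'
<?php
define('DB_PASSWORD', 'password');
define('ALLOWED_REALMS', 'realm.hr');
define('OTRS_BASE_URL', 'http://host.realm.hr/otrs');
define('SIMPLESAML_BASE_URL', 'http://host.realm.hr/simplesaml');
EOF
    chmod 644 "$cfg"
    audit_config "$cfg" && status=0 || status=1
    rm -rf "$dir"
    return "$status"
}

# With a path argument, audit that file; otherwise run the demo.
if [ -n "${1:-}" ]; then audit_config "$1"; else demo || true; fi
```

Run it with the real path, /var/simplesamlphp/www/otrs/lib/config.php, after finishing Step 5; an exit status of 0 means none of the three conditions was found.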