HTTP Passthru Authentication v1.18.1

skacem

Hello

we've installed osTicket version v1.18.1 (0375576) on an ubuntu server 22.04
we added the (HTTP Passthru Authentication) plugin and enabled it for both Staff and Clients

for the Clients it is working perfectly
for the Staff, the Passthru Authentication isn't working at all
when we try to access the /scp URI, we are getting the Authentication Required page

we had an old server running the v1.15 (d5ee0df) version of osTicket, and the Passthru Authentication was working fine for both the clients and the staff

is it a bug in the v1.18.1 version ?

which config file(s) we must check ?

Best Regards

KevinTheJedi

skacem

Shouldn't be a bug, no, but you never know! I don't have HTTPassthru auth setup to test this so I'm not 100% certain. You should debug the logs on the server (Apache logs, PHP logs, etc.).

Side Note:
If you have a working server, then compare both servers to see what the differences are. There is likely something missing/misconfigured.

Cheers.

skacem

Thanks a lot for your reply
the config is identical for both servers

in addition that there is nothing to configure in the plugin side for (HTTP Passthru Authentication)
we have just to enable it for clients, staff or both
for us the two options are enabled

but the (heavy work) about the Passthru auth is done in the system, and there, we configure the directory of the web server in the virtualhost of the apache daemon, so there is one config for the kerberos sso and it isnt specific for clients or the staff

what i want to say, it is once the kerberos is enabled and working for the clients, it must logically work also for the staff, unless there is something wrong or missing in the staff code pages

but i don't really know, that's why i am asking

KevinTheJedi

skacem

Oh, if you're using a proxy/load balancer you may need to update this setting in your include/ost-config.php file:

https://github.com/osTicket/osTicket/blob/develop/include/ost-sampleconfig.php#L117-L136

You may also want to try disabling Bind Agent session to IP under Admin Panel > Settings > Agents, then fully clear all cache/cookies/sessions (or use incognito tab), and retest the auth.

Cheers.

skacem

Problem resolved
the staff agent had the backend (active directory or ldap) selected
once changed to (use any available backend) the Passthru Authentication worked

it is somewhat weird, because at the first sight the meaning of (local authentication) backend means locally registered users on the osTicket server and it isn't our case as the clients and the staff are all from active directory

Thanks