Hi All,
Since upgrading from 1.17.3 to 1.18.2 I've noticed an issue with end users automatically logging in via a ticket link.
As noted in the subject, we use the LDAP plugin with Active Directory and the HTTP Passthrough Plugin (with Windows authentication on IIS and group policy to make browsers send credentials). This has been working great for a few years.
If a user is not logged in and they go to the user portal, it will say Guest; they can then click sign in, or open ticket, and they will be instantly logged in - this is still working in 1.18.2.
However, if they are signed out in the browser and they follow the link in an email from the ticket auto response template, problems occur.
In the template there is the default link of "%{recipient.ticket_link}" which expands to a link in the email such as "https://support.my-domain.org/view.php?auth=o1xhqaaaahzayaaaUMjElDIFaVHIrQ%3D%3D".
This takes them correctly to the ticket and they can see it; however, instead of automatically signing them in, it signs them in as guest and suggests clicking on a link to sign in:

Following either the Sign In or Register for an account links fails after a few seconds with a browser redirection error:
This page isn’t working
support.my-domain.org redirected you too many times.
Try deleting your cookies.
ERR_TOO_MANY_REDIRECTS
I can't say for certain that this wasn't happening on the old version, as I don't really use OSTicket's end user portal; however, I don't believe this was happening, as I don't recall ever seeing it before in testing.
Not sure where to start looking here - although I'm going to assume that it's some kind of interaction with the LDAP and HTTP passthrough plugins.