So I tried some more trying to get SSO also to work for staff users without luck. LDAP auth for staff works just fine and passthru for staff is enabled. I'm lost. Hopefully someone can point me in the right direction.
The browser passes the AD user to the webserver (checked in apache log) but login fails when clicking 'Log In' with empty user/pass on the /scp page. (Invalid Login message). I'm not sure if I'm supposed to login this way, suggestions are welcome.
Read thru several times, but at the moment I only wonder, why you have to click "Log In" on /scp ?
In my setup (which I can't look right now since I'm already at home and watching FIFA Soccer Worldcup Opening Game - so maybe I'm a bit distraced... ) if I enter /scp I /other staff will be signed in automatically. There is no need to anything else like click "Log In" or so. Nearly the same on the client side - I just enter the side and after that I can click anything I like (Create Ticket, Ticket Status or Log In) and voila the user is signed in.
Wait... there are 2 cases I need to login to Apache SSO and/or the osticket staff login.
1. When I start the browser as local user (NOT a domain user) I need to enter my SSO/AD Login. (not so interesting for this topic I think)
2. When I login to Apache / SSO with a AD windows user that is not a staff user. Then I need to enter my credentials again on the /scp (Maybe interesting)
Some additional info about my setup: Registration Method: Public and Registration Required: YES / ENABLED
But for now I do not a idea like "That's the error / the source of the issue". Maybe tomorrow when I am at work and look thru our setup I have some idea what you can try ;)