Could someone explain to me how HTTP Passthru is supposed to work? Maybe my expectations are not correct. I have ldap enabled, which does work. I was expecting to see the user not prompted to login if passthru was enabled. Using the latest v1.9.4-rc2.  IIS

Thanks!

Matthew

@[deleted] I think that you can give a better description of this since you all are doing it (and I still need to set it up here).

Yes, will give a detailed answer tomorrow ;)

So, sorry for the delay but was a bit hectic here.

Using the auth-passthru plugin basically works like this:

- You create an osTicket user / staff account by typing in the username from the AD/LDAP user in the field "username" - in osTicket should now appear a dropdown list with all usernames matching the search of ldap users - select the username you like to add and the info like "username" "firstname" "lastname" etc. should be pulled automatically from ldap. As auth backend select "any backend".
- This first step is important since this needs to work so that you know osTicket ldap search / auth is properly configured! If you don't see a dropdown list appearing, something is wrong with the ldap search.
- You install and enable the auth-passthru plugin itself as well as you enable the options for staff and/or clients auth inside the plugin.
- Now, you need to configure your webserver, so that the authentication is done by your webserver. We use an apache here, so can't exactly tell you how SSO works with IIS, but guess there are several tutorials to get SSO working with an IIS webserver either here at the forum or in the world wide web ;) Basically you need to tell the webserver to use SSO for the address / directory where your osTicket installation resides.
- Another important step: Make sure SSO is working and you get authenticated against the webserver with your windows user account and don't get asked for your password or get any other kind of error.
- The webserver now should pass the SSO authentication thru to osTicket which checks if the user-account that was given by the webserver also exists in the osTicket database and if yes, automatically logs in the user into osTicket. Works great for staff, for users it works also, but they need to click on the "Sign In" button at the users portal. To fix this we created a little index.html at the root dir of the webserver that redirects the user to the sub-dir with osTicket inside and does an auto-login by calling the login.php in the background before redirecting.
- That way, with the registration method "public" and "allow to register for everyone" (if I remember correctly), the user account gets automatically created! Even if the user enters the ticket system (website) for the first time - great thing!

Since registration method is set to public and we like to avoid that some users register an account we simply added a redirect for several pages - here the apache config for that which should help you even though you're on IIS:

RewriteEngine On
RedirectMatch ^/osticket/view.php$ /osticket/tickets.php
RedirectMatch ^/osticket/account.php$ /osticket/tickets.php

Here is the content of that file if you like to use it too:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>osTicket @ YOUR COMPANY</title>
</head>
<body>
<!-- Load osticket/login.php in background (silent login) -->
<!-- Redirect to osticket/index.php afterwards -->
<script type="text/javascript">
window.onload = function() {
    var login = new XMLHttpRequest();
    login.open('GET', 'osticket/login.php', false);
    login.send(null);
    location.href = 'osticket/index.php';
};
</script>
<!-- In case redirection fails, show instructions for users -->
<h1>Welcome to the Support Center</h1>
<h2>Signing you in, so please wait a few seconds...<br><br>You will be redirected automatically...</h2>
<h3>In case redirect does not work:<br><br><a href="osticket/index.php">Support Center</a></h3>
</body>
</html>

3 months later

@Chefkeks What guide did you follow to get Apache SSO working on your webserver?

@[deleted] I used the following guide to get Apache SSO working on my webserver and worked like a charm:

http://blog.stefan-macke.com/2011/04/19/single-sign-on-with-kerberos-using-debian-and-windows-server-2008-r2/

Before I had tried some other guides, but that one worked best and also has a section what errors can happen and how to fix them ;)

@[deleted] I have LDAP Auth Plugin working, as it validates my username/password for me to gain access. But, I'm concerned that I can't get osTicket to "search" for a username as you suggest. Under the Admin panel, when I click on "Add New Staff", no drop down is generated for me to select a new user. Any ideas?

@[deleted] Please do not hijack this thread and instead start a new discussion regarding your issue and include some more information about your osTicket installation and environment: http://forum.osticket.com/d/discussion//please-read-before-requesting-assistance#latest

Thank you.

a month later

How can I use this plugin to pass the username from my cms to the osticket system and auto login?

@[deleted]

Quoting myself:

Please do not hijack this thread and instead start a new discussion regarding your issue and include some more information about your osTicket installation and environment: http://forum.osticket.com/d/discussion//please-read-before-requesting-assistance#latest

Thank you.

2 months later

I'm reading about this as it might be that I need the same solution.

Do I still need to create each user first using the drop down in OST or will this be done automatically?

I actually need to be able to just login a user that is recognized in the LDAP server and "automatically" created. SSO is not needed directly here for me.

Our solution with SSO does it automatically.

Not sure, whether only LDAP will do it automatically too - just give it a try ;)

OK, but what do I need outside of SSO. My default LDAP install doesn't.

I just looked at your solution but that doesn't create the user by default, so some dev should have been done.

If I remember correctly it does not work only with LDAP, so SSO does the trick that the account will be automatically created without any manual action and maybe the registration options are playing another important role. So... What registration method do you use and have you set registration as required or not?

22 days later

Here's a little update for the index file. Needs now to be saved as index.php and included in the kerberos / sso config of the web server.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>osTicket @ Your Company</title>
</head>
<body>
<!-- In case redirection fails, show instructions for users -->
<h1>Welcome to the Support Center</h1>
<h2>Signing you in, please wait a few seconds.<br>You will be redirected automatically...</h2><br><br>
<h1>In case redirect does not work:<br></h1>
<h1><a href="osticket/index.php">Support Center</a></h1>
<?php
// Get username from webserver using REMOTE_USER
// Separate username and domain - method: split after @ symbol
$usernameATdomain = isset($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : '';
$ATposition = strpos($usernameATdomain, "@");
// No @ present: keep the whole value instead of cutting it to an empty string
$username = ($ATposition === false) ? $usernameATdomain : substr($usernameATdomain, 0, $ATposition);

// Alternative method:
// Separate username and domain - method: using domain array
//$domain = array('@DOMAIN.COM' => '');
//$username = $_SERVER['REMOTE_USER'];
//$username = strtr($username, $domain);

// Assume user is not an agent unless the lookup below finds one
$is_agent = 0;

// Make sure username has a value before querying database
if (!empty($username))
{
    // MySQL connection settings - readonly account recommended:
    // CREATE USER 'osticket-readonly'@'localhost' IDENTIFIED BY 'PASSWORD';
    // GRANT SELECT (username) ON osticket.ost_staff TO 'osticket-readonly'@'localhost';
    define('DBHOST','localhost');
    define('DBNAME','osticket');
    define('DBUSER','osticket-readonly');
    define('DBPASS','PASSWORD');

    // Connect to database
    $mysqli = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);

    // Check for connection errors
    if (!$mysqli->connect_errno)
    {
        // Query ost_staff table for REMOTE_USER username.
        // Bound parameter and exact match: the value is never concatenated
        // into the SQL text and % or _ are not treated as wildcards.
        $stmt = $mysqli->prepare("SELECT username FROM ost_staff WHERE username = ?");
        if ($stmt)
        {
            $stmt->bind_param('s', $username);
            $stmt->execute();
            $stmt->store_result();
            $is_agent = $stmt->num_rows;
            $stmt->close();
        }
    }
}
?>
<!-- Load login.php in background for silent login -->
<script type="text/javascript">
window.onload = function() {
    var login = new XMLHttpRequest();
    login.open('GET', 'osticket/login.php', false);
    login.send(null);
};
</script>
<?php
// Username found in the ost_staff table?
// YES --> 1 --> Agent --> Redirect to scp after timeout
// NO --> 0 --> User --> Redirect to end user portal
if ($is_agent == "1")
{
?>
<!-- Redirect to scp after timeout, 1000 = 1 second -->
<script type="text/javascript">
setTimeout('location.href = "osticket/scp/"', 5000);
</script>
<?php
}
else
{
?>
<!-- Redirect to end user portal -->
<script type="text/javascript">
location.href = "osticket/open.php";
</script>
<?php
}
?>
</body>
</html>
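
The index.php above cuts the web server's REMOTE_USER at the @ and uses what is left as the account name. As an added example (not from the thread and not osTicket code), this is one way to validate that value first, covering both the `user@REALM` form and the `DOMAIN\user` form that IIS Windows Authentication supplies; `ALLOWED_REALMS`, `normalize_remote_user()`, the realm names and the account-name pattern are assumptions.

```php
<?php
// Added example, not from the thread. ALLOWED_REALMS and
// normalize_remote_user() are hypothetical names; the realm values are
// placeholders in the style of the post's '@DOMAIN.COM'.
const ALLOWED_REALMS = ['DOMAIN.COM', 'DOMAIN'];

/**
 * Reduce a web-server-supplied identity to a bare account name.
 * Returns null when the shape, realm or characters are not expected,
 * so the caller can refuse to map it onto a local account.
 */
function normalize_remote_user(?string $remoteUser): ?string
{
    if ($remoteUser === null || $remoteUser === '') {
        return null;                      // web server did not authenticate
    }
    if (preg_match('/^([^@\\\\]+)@([^@\\\\]+)$/', $remoteUser, $m)) {
        [$user, $realm] = [$m[1], $m[2]]; // Kerberos form: user@REALM
    } elseif (preg_match('/^([^@\\\\]+)\\\\([^@\\\\]+)$/', $remoteUser, $m)) {
        [$realm, $user] = [$m[1], $m[2]]; // Windows form: DOMAIN\user
    } else {
        return null;                      // bare or malformed value
    }
    // A trusted foreign realm can contain the same account name.
    if (!in_array(strtoupper($realm), ALLOWED_REALMS, true)) {
        return null;
    }
    // Assumed account-name alphabet; adjust to your directory's rules.
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $user)) {
        return null;
    }
    return strtolower($user);             // case-fold before the lookup
}

// Constructed sample values, not captured from a real server.
$samples = ['jdoe@DOMAIN.COM', 'DOMAIN\\jdoe', 'jdoe@OTHER.EXAMPLE',
            'j%@DOMAIN.COM', 'jdoe', ''];
foreach ($samples as $s) {
    printf("%-24s => %s\n", var_export($s, true),
           var_export(normalize_remote_user($s), true));
}
```

Only the first two samples yield `'jdoe'`; the foreign realm, the value containing a `%` wildcard, the bare name and the empty string all come back as `NULL`.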

a month later

Hi,

I don't know if this will help anyone, but just in case, here's what I found to work.

I was trying to get osTicket to create accounts automatically when a user (client) signed in with their AD creds without any additional work needed for the agents. I read through all the guides I could find, and had ldap-auth & http passthrough working (they were not giving errors), but my users still couldn't log straight in! If I created the account manually and selected AD/LDAP as the auth backend, the users could then log in with their AD credentials, but that wasn't going to help a business with 500+ staff!

After sifting through tutorials and php libraries for days, I finally re-read this post, and noticed the following from @[deleted]:

If I remember correctly it does not work only with LDAP, so SSO does the trick that the account will be automatically created without any manual action and maybe the registration options are playing another important role. So... What registration method do you use and have you set registration as required or not?

I didn't think it would help, but I tried changing the setting so that it was Public rather than Private, and boom, accounts are automatically created when staff log in for the first time! It was so simple that I didn't even think of it, of course clients need to be able to create accounts (register) themselves for this to work!

Hope this helps someone who is in a similar bind. Sorry if it has been stated a million times before!

@[deleted] Glad you got it working finally!

I edited your post to emphasize the important change a bit more, hope that's ok ;)

Of course :)

We are trying to configure auth passthru with osticket v1.9.5.1 on CentOS 7.1 and PHP version. The webserver is joined to AD using realmd and I can log into the webserver using my AD creds. Looking on the osticket side, when I add users we can type in the first few letters of their username and it pulls AD info automatically so I know LDAP is working, we just aren't sure why the passthru isn't.

Any direction or assistance would be appreciated.