I meant that I do not have any AD/ldap server able to be connected using ldap plugin. All posts and information i've found details how to use ldap+passthrough plugin together.

In my case, the user is authenticated against azure ad. Once authenticated, user is authorized to acces scp backend. Also, a claim is returned with the username of the authenticated user. This username is set to REMOTE_USER, where actually I can confirm.

Finally, I am stuck at this point. I can't see how osticket can consume this information using passthru plugin (I guessed it was possible)

Apologies if I am not clear enough, feel free to ask for clarification

Thanks

- How come you have not updated to latest stable release? - Has this ever worked for you in the past?

Hi,1. Did not need it at the moment, however do you suggest me to update to 1.10 or 1.9.15 (currently running 1.9.13)? 2. No, first time I try to. Previously we were running OSTicket in our internal network with access to our Active Directory servers using ldap plugin which it was working flawlessly. However right now installation must be moved to DMZ. Since we already have Azure AD and after taking a look at passthru plugin I was expecting to authenticated with Azure AD and ingest the username to the plugin. Looks like similar what my understanding of passthru plugin does:- Webserver requests auth to user and webserver authenticates to local AD using domain credentials- If it is successfully authenticated, webserver passes the username to OSTicke. Then passthru plugin searches in OSTicket database for the username (either in staff or client). Those usernames, which are created previously, can be created manually (will be my case) or "auto-filled" via ldap plugin in case you have AD accessible.- Finally if username exists, user (staff or client) can access to OSTicket without typing credentials again.Makes sense?Thanks!

Hold up, you are using passthru? Try using LDAP plugin and connect it to AZURE. Shouldn't you also have a local DC onsite that replicates with Azure?

Hi,We do not have a DC onsite in our DMZ.LDAP plugin cannot connect to AZURE AD (It uses federation services). That's why we use mod_mellon (apache saml module) to authenticate.Do you know if passthru can only be used with ldap plugin? Is @[deleted] the author of the plugin?

Q: Do you know if passthru can only be used with ldap plugin?A: no idea..Q: Is @[deleted] the author of the plugin?A: Pretty sure he is.

Hi,Anyone knows how passthru plugin actually works besides the documented ldap+passthru integration?Thanks!

Good news it worked, sadly I forgot to allow the user which I was testing with to authenticate with any backend...I think it is a pretty useful configuration for users who need to run OSTicket in the cloud or in DMZ (without accessing to an ldap source) to be able to authenticate using Azure AD or any other identity provider.Let me know if you need further info

    "I forgot to allow the user which I was testing with to authenticate with any backend"/facepalmI totally should have asked about that....If you need more help with this I think that your best bet would be to open a feature/issue report at:https://github.com/osTicket/osTicket-plugins

    Do you mind explaining a little as to what exactly you did in case someone else needs assistance while searching the forums?

    3 years later

    Go to: Admin panel -> Agents and click on the agent you want to edit.
    See Authentication Backend.
    The option is the top one in the drop down box.

    Killing zombie thread with a head shot.

    Write a Reply...