SSO SAML plugin
Hi,
Thank you for your reply.
Are you currently using it with osTicket in production?
yes. 1.14.x version
Hello Salik,
Would you like to implement a proof-of-concept for our team?
We are looking at this, and to user the AD plugins with Azure AD, but I'm not sure the AD plugin can do what we want; e.g. it cannot restrict only certain users to access the system.
Thank you,
Mark
MarkHoward
I am sorry bad english.
Hello, our scenario is as follows. First of all, anyone can log into Osticket. If the user is not registered in Ostickette, he logs in as an unauthorized user by default. For example: Only the people we add to Osticket can log in to the representative (admin) panel.
Hello,
If you, or anyone you know, would like to do a paid engagement to set this up in a test environment, please let me know.
Thank you!
MarkHoward
hi, detail info send to email. salihk06 (at) gmail.com
- Edited
I implemented a commercial version with more features.
You can see the available settings and it's description here:
https://forum.osticket.com/d/93267-sso-saml-plugin-for-osticket-compatible-with-1-9-x-and-1-10-x/10
I have versions for 1.9 - 1.14
P.S @salihkiraz I see you are using php-saml as the library to handle SAML, I'm its author, I recommend you to use the 3.X branch which is compatible with PHP5.6 as well as PHP7.X
Hi,
Question about the saml plugin.
I got the following information from ID Provider:
Identity Provider Entity ID
Identity Provider X509 Cert
Identity Provider SSO URL
So, how to generate or configure the following fields?
Service Provider Entity ID
Assertion Consumer Service URL
thanks
- Edited
Sorry if I am being naive. I just started using osTicket. Would like to know how this plugin can be added to my ostikcet installation. For the LDAP and Pass through plugins, there was a .phar file.
But I am not sure how the plugin mentioned in this git repository can be added to my installation of osticket.
thanks
I figured out how to add the plugin. And now trying to figure out the configuration.
Identity Provider Entity ID
Identity Provider X509 Cert
Identity Provider SSO URL
Service Provider Entity ID
Assertion Consumer Service URL
Attribute Mapping
Attribute Mapping Options
Name
Surname
Got this configured for my ADFS. If I sign in with an account that has not been registered previously, I get an err stating that an administrator needs to register an account. Is this plugin supposed to auto-register if the user has not been seen before?
@bpearson these may be the steps you are missing to get the settings:
obviously this is for a generic system- but you need to use SAML2 and connect azure AD or similar to this system in the simplesaml config
https://www.lewisroberts.com/2015/09/05/single-sign-on-to-azure-ad-using-simplesamlphp/
From the command line make a temporary directory, next go itno the directory and type git clone https://github.com/salihkiraz/osticket-auth-saml.git next cp -R osticket-auth-saml to your osticket include/plugin directory. After you have copied it to plugin directory make sure that you set the owenership of new directory to match what is already present.
- Edited
I successfully download and activated the osticket-auth-saml plugin. Created Enterprise Application in Azure AD (our idp), configured both with the same parameters.
The only problem - once I click "Sign in with SSO" on the login page, successfully redirects to Azure AD and returns to my osTicket instance homepage. Still shows user "Gues", no other errors or indicators.
Suspecting that the problem is with "Assertion Consumer Service URL", tried all possible variant with no success.
I will really appreciate any help with this problem.
Thank you in advance!