Hello. I installed and configured osTicket v1.14.2 on a Windows 2019 server on Microsoft IIS. Here's my version info and plugins:


I got LDAP authentication working fine against Active Directory for both users and agents. Then I wanted to achieve SSO so users and agents don't have to type their windows passwords if they access the Helpdesk from a domain joined computer. I followed the instructions for "Setting up Kerberos Authentication for a Website in IIS" in this Microsoft tech community article. Since my setup is fairly simple - the machine name / hostname is "helpdesk" and the URL I'm using is https://helpdesk/, so I just enabled Windows authentication and disabled anonymous authentication for osTicket web site in IIS, and it immediately started working for agents. Accessing https://helpdesk/scp automaticaly logins the agents without showing agent login screen. However I'm not able to achieve the same with end user interface. Users are still being asked to provide their user name and password when they access https://helpdesk/ and click "Sign In". Is there a way to avoid this?

Best regards,
George

    So you might not find this helpful.
    Back on IIS 8.5 I tried to get this working and after banging my head against the wall got to where you are now. I gave up. I assumed that I was missing something Windows or IIS related and just have never had the time to try it again. [So I uninstalled the HTTP Passthru Authentication plugin] It looks like we have a similar setup now [Server 2019, IIS 10, PHP 7.4] so if you have the time to dig into this I'd be interested in any solution that you find.

    I think that there is something different in osTicket between user and agent sections regarding authentication. Because anonymous authentication is disabled in IIS, ever successful loading of https://helpdesk/login.php requires authentication and it is done actually (which can be proven if page is loaded from incognito browser session, where automatic credential submission does not work, so the browser's standard login dialog pops up). However osTicket user portal doesn't honor this authentication and keeps user in "guest mode" until manual authentication is made. Maybe someone more skilled in php could dig into it, and found the reason...

      george63

      I had this issue, turns out when I imported users, there was no spot for their actual username. I manually put in their domain username under: Users > User Directory, then clicked a user. There is a Manage Account button which will show you a Manage Access tab. Finally, in there is a field for their username.

      Would be nice as an option to import this bit of information.

        11 days later
        Write a Reply...