auth-passthru on Apache and Azure AD

whitestar75

Hello, I have successfully installed osTicket v1.15.3.1 on Apache 2.4 (Ubuntu).
After some reading I configured Apache to authenticate with my Azure AD via SAML/SSO. I can confirm that authentication is successful, after it is done I see my email (userPrincipalName) in Apache logs.
I have installed and enabled auth-passthru ("HTTP Passthru Authentication") plugin.
However, even after Apache successfully authenticates with Azure AD, I see "Guest User" in right top corner of osTicket and cannot progress - it thinks I am not authenticated.
What am I missing here? Any help will be appreciated.

ntozier

I'm not super versed on how this works, but my understanding was that the Authentication::LDAP and AD plugin works in tandem with the Authentication::HTTP Pass-through to make this sort of thing work.

Maybe someone else who has setup something like this can assist you better with this than I can.

whitestar75

I was under impression that LDAP plugin responsible for synchronization and user creation, maybe I am mistaking. I am OK to create and update users manually, if it is possible but still use SSO for authentication.
Hope this is possible.

ramrajone

whitestar75
I believe there is a two-step process:

Add or import users https://docs.osticket.com/en/latest/Agent/Users/User%20Directory.html#add-new-users
set the Authentication sources to LDAP

the SSO should work as long as you have correct LDAP setup

ntozier

The Authentication::LDAP and AD plugin never made users for us, so we use a paid 3rd party plugin called: adSync for that.

see:
https://forum.osticket.com/d/92286-resources-for-osticket

As a note: Community plugins are made by the community not the developers. They are not supported or recommended by the Developers and are not affiliated with the Development Team.