Hello,
Znuny 6.5.11 LTS here with Apache Mellon as SSO module (IDP is RedHat SSO/Keycloak).
I'm having an issue when a user is not logged in and is trying to reach a specific page (let's say AgentTicketZoom to read a ticket for instance).
Once SSO is done, Znuny does not redirect to the right page but to the homepage.
Let's break it down:
1. Agent opens:
Code:
GET https://ZNUNY/otrs/index.pl?Action=AgentTicketZoom;TicketID=2944977
2. Znuny returns a redirection to:
Code:
GET https://ZNUNY/otrs/index.pl?Action=PreLogin&RequestedURL=Action=AgentTicketZoom;TicketID=2944977
3. ...which calls CommonJS, which triggers:
Code:
POST https://ZNUNY/otrs/index.pl
Arguments contain:
Code:
"Action": "Login",
"RequestedURL": "Action=AgentTicketZoom;TicketID=2944977"
4. At this moment, a redirection is returned and the SSO procedure starts. Note the "Reason=LoginFailed" at this point:
Code:
GET https://ZNUNY/sso/login?ReturnTo=/otrs/index.pl?Reason=LoginFailed&RequestedURL=Action%3DAgentTicketZoom%3BTicketID%3D2944977
5. IDP checks the SAML request:
Code:
GET https://IDP/auth/realms/REALM/protocol/saml?SAMLRequest=<payload>
Arguments contain:
Code:
RelayState: /otrs/index.pl?Reason=LoginFailed
6. Agent now authenticates itself.
7. IDP now redirects to:
Code:
POST https://ZNUNY/sso/postResponse
Payload contains:
Code:
RelayState: /otrs/index.pl?Reason=LoginFailed
8. Now Znuny redirects to:
Code:
GET https://ZNUNY/otrs/index.pl?Reason=LoginFailed
Agent lands now on the homepage and not /otrs/index.pl?Action=AgentTicketZoom;TicketID=2944977 as required.
My question is: why is Znuny returning the "Reason=LoginFailed" and how can I force the good redirection after SSO?
Thank you very much for your help.
Additional information:
/opt/otrs/Kernel/Config.pm
Code:
$Self->{'AuthModule'} = 'Kernel::System::Auth::HTTPBasicAuth';
$Self->{'AuthModule1'} = 'Kernel::System::Auth::LDAP';
$Self->{'LoginURL'} = '/sso/login?ReturnTo=/otrs/index.pl';
$Self->{'LogoutURL'} = '/sso/logout?ReturnTo=/';
/etc/apache2/conf-enabled/mellon.conf
Code:
SetEnv MELLON_DISABLE_SAMESITE 1

# Global Mellon configuration.
<Location />
    MellonEnable info
    MellonEndpointPath /sso
    MellonSPPrivateKeyFile /etc/apache2/mellon/client-private-key.pem
    MellonSPCertFile /etc/apache2/mellon/client-cert.pem
    MellonSPMetadataFile /etc/apache2/mellon/sp-metadata.xml
    MellonIdPMetadataFile /etc/apache2/mellon/idp-metadata.xml
    #MellonMergeEnvVars On
    MellonUser NAME_ID
    MellonSetEnvNoPrefix REMOTE_USER NAME_ID
</Location>

# Guard web interface only.
<Location /(znuny|otrs)/index.pl>
    AuthType Mellon
    MellonEnable auth
    Require valid-user
    MellonPostReplay On
    MellonSecureCookie On
    MellonDefaultLoginPath "/otrs/index.pl"
    MellonCookieSameSite none
</Location>
Statistics: Posted by swicsk — 06 Nov 2024, 15:29 — Replies 0 — Views 36
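Added example, not part of the original post and not Znuny or mod_auth_mellon code: it parses the step 4 request the way a standard query-string parser does and shows that the unencoded `&` ends the `ReturnTo` value early, which matches the `RelayState` seen in steps 5 and 7. It assumes the `/sso/login` endpoint splits its query string on `&`; the function names are hypothetical.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed from the request shown in step 4 of the post.
OBSERVED = ("https://ZNUNY/sso/login?ReturnTo=/otrs/index.pl?Reason=LoginFailed"
            "&RequestedURL=Action%3DAgentTicketZoom%3BTicketID%3D2944977")

# The full return target the agent was supposed to come back to.
INNER = ("/otrs/index.pl?Reason=LoginFailed"
         "&RequestedURL=Action%3DAgentTicketZoom%3BTicketID%3D2944977")


def login_params(url):
    """Query parameters as seen by the login endpoint (assumed to split on '&')."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def return_target(url):
    """Value of ReturnTo, i.e. what would be carried as the SAML RelayState."""
    return login_params(url).get("ReturnTo")


def requested_url_after_sso(url):
    """RequestedURL still present inside ReturnTo, or None if it was cut off."""
    target = return_target(url) or ""
    return parse_qs(urlsplit(target).query).get("RequestedURL", [None])[0]


def build_login_url(base, return_to):
    """Login URL whose ReturnTo value is percent-encoded as a single unit."""
    return f"{base}?{urlencode({'ReturnTo': return_to})}"


if __name__ == "__main__":
    print("ReturnTo as sent     :", return_target(OBSERVED))
    print("stray outer parameter:", login_params(OBSERVED).get("RequestedURL"))
    print("RequestedURL kept    :", requested_url_after_sso(OBSERVED))

    fixed = build_login_url("https://ZNUNY/sso/login", INNER)
    print("encoded login URL    :", fixed)
    print("RequestedURL kept    :", requested_url_after_sso(fixed))
```

In the observed request `RequestedURL` arrives as a separate parameter of `/sso/login` rather than as part of `ReturnTo`, so it never reaches the `RelayState`; with the value encoded as one unit it survives the round trip.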