OTRS – интеграция с CAS

cas otrs link

Для OTRS v.3

 
1. Install the AuthCAS perl library

apt-get install libauthcas-perl

2. Добавить в /opt/otrs/Kernel/Config.pm

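# Customer authentication through CAS (module file: Kernel/System/CustomerAuth/CAS.pm).
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::CAS';
# 0 = redirect unauthenticated users to the CAS login page,
# 1 = CAS gateway mode (see the Gateway branch of Auth in CAS.pm).
$Self->{'Customer::AuthModule::CAS::Gateway'} = 0;
# Customer frontend URL that CAS sends the browser (and the service ticket) back to.
# NOTE: this is plain http while the CAS server below is https, so the returned
# service ticket and the OTRS session cookie cross that hop unencrypted;
# an https service URL avoids that.
$Self->{'Customer::AuthModule::CAS::ServiceUrl'} = 'http://172.20.1.21/customer.pl';
# Base URL of the CAS server; login and ticket validation live under it.
$Self->{'Customer::AuthModule::CAS::CASUrl'} = 'https://172.20.1.25:8443/';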

3. Создать файл CAS.pm в Kernel/System/CustomerAuth следующего содержания:

# --
# Kernel/System/CustomerAuth/CAS.pm - provides CAS customer authentication
# Authentication
# Copyright (C) 2001-2009 OTRS AG, http://otrs.org/
# --
# $Id: HTTPBasicAuth.pm,v 1.15 2009/09/22 15:16:05 mb Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# If you use this module, you should use as fallback the following
# config settings:
#
# If the user isn't logged in through apache ($ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER})
# $Self->{CustomerPanelLoginURL} = 'http://host.example.com/not-authorised-for-otrs.html';
#
# $Self->{CustomerPanelLogoutURL} = 'http://host.example.com/thanks-for-using-otrs.html';
# --

package Kernel::System::CustomerAuth::CAS;

use strict;
use warnings;
use CGI;
use AuthCAS;
use CGI;
use CGI::Carp qw( fatalsToBrowser );
#use CGI ':standard';


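# Module version taken from the RCS keyword (second qw() element, "1.15");
# "our" replaces the obsolete "use vars" pragma.
our $VERSION = qw($Revision: 1.15 $) [1];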

sub new {
    my ( $Type, %Param ) = @_;

    # Plain hash blessed into the requested class.
    my $Self = bless {}, $Type;

    # Required collaborator objects. Note that die() here ends up in the
    # HTTP response because of the CGI::Carp fatalsToBrowser import at the
    # top of the file, so the message names only the missing object.
    for my $Needed (qw(LogObject ConfigObject DBObject)) {
        die "No $Needed!" if !$Param{$Needed};
        $Self->{$Needed} = $Param{$Needed};
    }

    # Debug 0=off 1=on
    $Self->{Debug} = 0;

    # Count is optional and defaults to the empty string.
    $Self->{Count} = $Param{Count} || '';

    return $Self;
}

sub GetOption {
    my ( $Self, %Param ) = @_;

    # The only option this module answers; everything else is undef.
    my %OptionFor = ( PreAuth => 1 );

    # "What" names the option to look up and is mandatory.
    my $What = $Param{What};
    if ( !$What ) {
        $Self->{LogObject}->Log( Priority => 'error', Message => "Need What!" );
        return;
    }

    return $OptionFor{$What};
}

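# Authenticate the current customer request against CAS.
#
# %Param is accepted for the auth framework's sake but not read here.
# Returns the user id that the CAS server returned for a valid service
# ticket, or '' when there is no ticket (the browser is then redirected to
# CAS), when the gateway round trip came back without one, or when the
# ticket was rejected.
sub Auth {
    my ( $Self, %Param ) = @_;

    # Raw query string of the current request; CAS appends the service
    # ticket to it when it sends the browser back to ServiceUrl.
    my $QueryString = $ENV{QUERY_STRING} || '';

    my $CASUrl  = $Self->{ConfigObject}->Get('Customer::AuthModule::CAS::CASUrl');
    my $AppUrl  = $Self->{ConfigObject}->Get('Customer::AuthModule::CAS::ServiceUrl');
    my $Gateway = $Self->{ConfigObject}->Get('Customer::AuthModule::CAS::Gateway') || 0;

    my $CAS = AuthCAS->new( casUrl => $CASUrl );

    # URL diagnostics only when Debug is on (set in new()); they used to fire
    # at 'error' priority on every request, and the CAS url line read a
    # config key without the Customer:: prefix.
    if ( $Self->{Debug} ) {
        $Self->{LogObject}->Log( Priority => 'debug', Message => "CAS service url: $AppUrl" );
        $Self->{LogObject}->Log( Priority => 'debug', Message => "CAS server url: $CASUrl" );
    }

    # A service ticket means CAS has already authenticated the browser, so
    # validate it with the CAS server in either mode. The query string (and
    # with it the ticket) is deliberately not written to the log.
    my $ST = _ExtractServiceTicket($QueryString);
    if ( defined $ST ) {
        my $User = $CAS->validateST( $AppUrl, $ST );
        if ( !$User ) {
            $Self->{LogObject}->Log(
                Priority => 'notice',
                Message  => "CAS service ticket validation failed for service $AppUrl",
            );
            return '';
        }
        return $User;
    }

    # No ticket: send the browser to CAS. In gateway mode CAS may bounce it
    # straight back without a ticket; checked_cas=1 marks that round trip so
    # the redirect is not repeated forever.
    my $LoginUrl;
    if ( $Gateway == 1 ) {
        return '' if $QueryString =~ /checked_cas/;
        $LoginUrl = $CAS->getServerLoginGatewayURL( $AppUrl . '?checked_cas=1' );
    }
    else {
        $LoginUrl = $CAS->getServerLoginURL($AppUrl);
    }
    my $Query = CGI->new();
    print $Query->redirect( -URL => $LoginUrl );

    return '';
}

# Pull the CAS service ticket out of a query string.
# Accepts the plain "ticket=" that the CAS protocol sends as well as the
# percent-encoded "ticket%3D" form the original code matched; the value is
# everything up to the next "&". Returns undef when there is no ticket,
# instead of relying on a stale $1.
sub _ExtractServiceTicket {
    my ($QueryString) = @_;

    return if !defined $QueryString;
    if ( $QueryString =~ m{ ticket (?: = | %3D ) ( [^&]+ ) }xms ) {
        return $1;
    }
    return;
}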

1;

 

Назначьте владельца файла и разрешения для файла CAS.pm:

# chown otrs:www-data CAS.pm
# chmod 0660 CAS.pm

 

Для OTRS v.4

1. Install the AuthCAS perl library

apt-get install libauthcas-perl

2. Добавить в /opt/otrs/Kernel/Config.pm

##### CAS ####
# Customer authentication through CAS (module file: Kernel/System/CustomerAuth/CAS.pm).
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::CAS';
# 0 = redirect unauthenticated users to the CAS login page,
# 1 = CAS gateway mode (see the Gateway branch of Auth in CAS.pm).
$Self->{'Customer::AuthModule::CAS::Gateway'} = 0;
# Customer frontend URL that CAS sends the browser (and the service ticket) back to.
# NOTE: plain http while the CAS server below is https, so the returned service
# ticket and the OTRS session cookie cross that hop unencrypted.
$Self->{'Customer::AuthModule::CAS::ServiceUrl'} = 'http://helpdesk.yourdomain.ru/otrs/customer.pl';
# Base URL of the CAS server; login and ticket validation live under it.
$Self->{'Customer::AuthModule::CAS::CASUrl'} = 'https://proxy.yourdomain.ru:8443/cas/';
# OTRS sends the browser here on logout so the CAS session is ended as well.
$Self->{CustomerPanelLogoutURL} = 'https://proxy.yourdomain.ru:8443/cas/logout';

Строка

$Self->{CustomerPanelLogoutURL} = 'https://proxy.yourdomain.ru:8443/cas/logout';

нужна для разлогинивания в CAS после выхода из OTRS.

3. Создать файл CAS.pm в Kernel/System/CustomerAuth следующего содержания:

# --
# Kernel/System/CustomerAuth/CAS.pm - provides CAS customer authentication
# Authentication
# Copyright (C) 2001-2009 OTRS AG, http://otrs.org/
# --
# $Id: HTTPBasicAuth.pm,v 1.15 2009/09/22 15:16:05 mb Exp $
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
# Note:
#
# If you use this module, you should use as fallback the following
# config settings:
#
# If the user isn't logged in through apache ($ENV{REMOTE_USER} or $ENV{HTTP_REMOTE_USER})
# $Self->{CustomerPanelLoginURL} = 'http://host.example.com/not-authorised-for-otrs.html';
#
# $Self->{CustomerPanelLogoutURL} = 'http://host.example.com/thanks-for-using-otrs.html';
# --

package Kernel::System::CustomerAuth::CAS;

use strict;
use warnings;
use CGI;
use AuthCAS;
use CGI;
use CGI::Carp qw( fatalsToBrowser );
#use CGI ':standard';

# Objects the OTRS ObjectManager must be able to supply to this module.
our @ObjectDependencies = qw(
    Kernel::Config
    Kernel::System::DB
    Kernel::System::Log
);

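# Module version taken from the RCS keyword (second qw() element, "1.15");
# "our" replaces the obsolete "use vars" pragma.
our $VERSION = qw($Revision: 1.15 $) [1];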

sub new {
    my ( $Type, %Param ) = @_;

    # Plain hash blessed into the requested class.
    my $Self = bless {}, $Type;

    # Collaborators are fetched from the ObjectManager, not taken from %Param.
    my %ObjectFor = (
        ConfigObject => 'Kernel::Config',
        LogObject    => 'Kernel::System::Log',
        DBObject     => 'Kernel::System::DB',
    );
    for my $Slot (qw(ConfigObject LogObject DBObject)) {
        $Self->{$Slot} = $Kernel::OM->Get( $ObjectFor{$Slot} );
    }

    # Debug 0=off 1=on
    $Self->{Debug} = 0;

    # Count is optional and defaults to the empty string.
    $Self->{Count} = $Param{Count} || '';

    return $Self;
}

sub GetOption {
    my ( $Self, %Param ) = @_;

    # The only option this module answers; everything else is undef.
    my %OptionFor = ( PreAuth => 1 );

    # "What" names the option to look up; without it log an error through
    # the ObjectManager's log object and return nothing.
    my $What = $Param{What};
    if ( !$What ) {
        $Kernel::OM->Get('Kernel::System::Log')->Log(
            Priority => 'error',
            Message  => "Need What!"
        );
        return;
    }

    return $OptionFor{$What};
}

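# Authenticate the current customer request against CAS.
#
# %Param is accepted for the auth framework's sake but not read here.
# Returns the user id that the CAS server returned for a valid service
# ticket, or '' when there is no ticket (the browser is then redirected to
# CAS), when the gateway round trip came back without one, or when the
# ticket was rejected.
sub Auth {
    my ( $Self, %Param ) = @_;

    # Where the service ticket is looked for: the query string on GET, the
    # Referer header on POST (the original reads it there, presumably because
    # the customer login form posts without a query string — confirm against
    # the actual OTRS login flow). The Referer is client-supplied, so it is
    # only a place to find the ticket; validateST below still has to confirm
    # it with the CAS server. Any other method, or a missing header, gives
    # an empty string instead of undef.
    my $RequestMethod = $ENV{REQUEST_METHOD} || '';
    my $QueryString   = '';
    if ( $RequestMethod eq 'GET' ) {
        $QueryString = $ENV{QUERY_STRING} || '';
    }
    elsif ( $RequestMethod eq 'POST' ) {
        $QueryString = $ENV{HTTP_REFERER} || '';
    }

    my $CASUrl  = $Self->{ConfigObject}->Get('Customer::AuthModule::CAS::CASUrl');
    my $AppUrl  = $Self->{ConfigObject}->Get('Customer::AuthModule::CAS::ServiceUrl');
    my $Gateway = $Self->{ConfigObject}->Get('Customer::AuthModule::CAS::Gateway') || 0;

    my $CAS = AuthCAS->new( casUrl => $CASUrl );

    # URL diagnostics only when Debug is on (set in new()).
    if ( $Self->{Debug} ) {
        $Self->{LogObject}->Log( Priority => 'debug', Message => "CAS service url: $AppUrl" );
        $Self->{LogObject}->Log( Priority => 'debug', Message => "CAS server url: $CASUrl" );
    }

    # A service ticket means CAS has already authenticated the browser, so
    # validate it with the CAS server in either mode. The query string (and
    # with it the ticket) is deliberately not written to the log.
    my $ST = _ExtractServiceTicket($QueryString);
    if ( defined $ST ) {
        my $User = $CAS->validateST( $AppUrl, $ST );
        if ( !$User ) {
            $Self->{LogObject}->Log(
                Priority => 'notice',
                Message  => "CAS service ticket validation failed for service $AppUrl",
            );
            return '';
        }
        return $User;
    }

    # No ticket: send the browser to CAS. In gateway mode CAS may bounce it
    # straight back without a ticket; checked_cas=1 marks that round trip so
    # the redirect is not repeated forever.
    my $LoginUrl;
    if ( $Gateway == 1 ) {
        return '' if $QueryString =~ /checked_cas/;
        $LoginUrl = $CAS->getServerLoginGatewayURL( $AppUrl . '?checked_cas=1' );
    }
    else {
        $LoginUrl = $CAS->getServerLoginURL($AppUrl);
    }
    my $Query = CGI->new();
    print $Query->redirect( -URL => $LoginUrl );

    return '';
}

# Pull the CAS service ticket out of a query string (or, on POST, the
# Referer URL). Accepts the plain "ticket=" that the CAS protocol sends as
# well as the percent-encoded "ticket%3D" form the original code matched;
# the value is everything up to the next "&". Returns undef when there is
# no ticket, instead of relying on a stale $1.
sub _ExtractServiceTicket {
    my ($QueryString) = @_;

    return if !defined $QueryString;
    if ( $QueryString =~ m{ ticket (?: = | %3D ) ( [^&]+ ) }xms ) {
        return $1;
    }
    return;
}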

#sub DESTROY {
#    my $Self = shift;
#    $Self->{LogObject}->Log( Priority => 'error', Message => "NoParent > " . $Self->{NotParent});
#    if ( $Self->{NotParent} ) {
#
#
#    my $QueryString;
#
#    my $request_method = $ENV{REQUEST_METHOD};
#    if ($request_method eq "GET"){
#          $QueryString = $ENV{QUERY_STRING};
#    }elsif ($request_method eq "POST"){
##          sysread(STDIN, $QueryString, $ENV{CONTENT_LENGTH});
#          $QueryString = $ENV{HTTP_REFERER};
#    }
#    $Self->{LogObject}->Log( Priority => 'error', Message => "QueryString logout > $QueryString");
#
#        unless ($QueryString =~ /ticket/ ) {
#    $Self->{LogObject}->Log( Priority => 'error', Message => "77777777777");
#        }
#        else
#        {
#
#    my $cas = new AuthCAS(casUrl => $Self->{ConfigObject}->Get('Customer::AuthModule::CAS::CASUrl'));
#    my $app_url = $Self->{ConfigObject}->Get('Customer::AuthModule::CAS::ServiceUrl');
#    $Self->{LogObject}->Log( Priority => 'error', Message => "44444444444444");
#    my $logout_url = $cas->getServerLogoutURL($app_url);
#    $Self->{LogObject}->Log( Priority => 'error', Message => "logout_url>$logout_url");
#    my $q = CGI->new( );
#    $Self->{LogObject}->Log( Priority => 'error', Message => "55555");
#    print $q->redirect( -URL => $logout_url);
#    $Self->{LogObject}->Log( Priority => 'error', Message => "666666");
#}
#    # disconnect if it's not a parent DBObject
##    if ( $Self->{NotParentDBObject} ) {
##        if ( $Self->{DBObject} ) {
##            $Self->{DBObject}->Disconnect();
#        }
#    }
#    return 1;
#}

1;

 

Назначьте владельца файла и разрешения для файла CAS.pm:

# chown otrs:www-data CAS.pm
# chmod 0660 CAS.pm

 

Что почитать на тему:
http://forums.otterhub.org/viewtopic.php?t=14809
http://lists.otrs.org/pipermail/otrs/2011-July/036205.html
http://jinujoz.blogspot.ru/2012/11/blog-post.html

 
