Topic Resolution: Resolved
Viewing 2 reply threads
  • Author
    Posts
    • #15744
      Alexandru Mateescu
      Participant

        Hi all

        Just migrated our OTS to Otobo and I was interested in connecting customers with O365.

        As I understand, Otobo supports OpenID Connect, so I was wondering if there is any documentation about it.

        Thanks

      • #15761
        Alexandru Mateescu
        Participant

          I managed to enable OpenIDConnect and now when I am trying the customer.pl page I get “An error occured! Please check the browser error log for more details!”.

          When looking up the details I get “JavaScriptError: Syntax error, unrecognized expression: #”. Any hints on what logs to enable to find the actual issue?

           

        • #15767
          Alexandru Mateescu
          Participant

            After spending 2 full days on this I managed to crack it, so I hope that the below will help others as well.

            The OpenIDConnect settings that you can find on the forum are mostly correct but they have a mistake.

            Please see below my working configuration.

            $Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::OpenIDConnect';
            $Self->{'Customer::AuthModule::OpenIDConnect::AuthRequest'}->{ResponseType} = [ 'code' ];
            # $Self->{'Customer::AuthModule::OpenIDConnect::AuthRequest'}->{ResponseType} = [ 'id_token' ]; --> you need to comment out this line. AzureAD does not have 'id_token'
            $Self->{'Customer::AuthModule::OpenIDConnect::AuthRequest'}->{AdditionalScope} = [qw/profile email/];
            $Self->{'Customer::AuthModule::OpenIDConnect::Config'}{ClientSettings} = {
                ClientID    => 'From AzureAD',
                RedirectURI => 'https://your.domain/otobo/customer.pl?Action=Login',
            };
            $Self->{'Customer::AuthModule::OpenIDConnect::Config'}{ClientSettings}{ClientSecret} = 'From AzureAD';
            $Self->{'Customer::AuthModule::OpenIDConnect::Config'}{ProviderSettings} = {
                OpenIDConfiguration => 'From AzureAD',
                SSLOptions          => 0,
            };
            $Self->{'Customer::AuthModule::OpenIDConnect::UID'} = 'upn';
            $Self->{'Customer::AuthModule::OpenIDConnect::Config'}{Misc} = {
                UseNonce   => 1,      # add a nonce to request and token (this is primarily important for the implicit flow where it is enabled by default)
                RandLength => 22,     # length for state and nonce random strings - default: 22
                RandTTL    => 60 * 5, # valid time period for state and nonce (roughly the time a user can take to authenticate) - default: 300 s
            };
            $Self->{'AuthModule::OpenIDConnect::UserMap'} = {
                email       => 'UserEmail',
                given_name  => 'UserFirstname',
                family_name => 'UserLastname',
            };
            $Self->{'Customer::AuthModule::OpenIDConnect::Debug'}->{'LogIDToken'} = 1;
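
What the UseNonce, RandLength and RandTTL settings in the configuration above control, sketched as an added Python example (not part of the original post and not OTOBO's own code): a state and nonce are generated per login, stored with an expiry, and checked once on the callback. PendingLogins, its methods and the sample claims are hypothetical, and the claims are assumed to come from an ID token whose signature has already been verified.

```python
import secrets
import string
import time

RAND_LENGTH = 22    # same value as RandLength in the post's config
RAND_TTL = 60 * 5   # same value as RandTTL, in seconds
ALPHABET = string.ascii_letters + string.digits

class PendingLogins:
    """Hypothetical server-side store: state -> (nonce, expiry)."""
    def __init__(self, ttl=RAND_TTL, length=RAND_LENGTH, clock=time.time):
        self.ttl, self.length, self.clock = ttl, length, clock
        self._pending = {}

    def _rand(self):
        return "".join(secrets.choice(ALPHABET) for _ in range(self.length))

    def start(self):
        """Values to send as state= and nonce= in the authorization request."""
        state, nonce = self._rand(), self._rand()
        self._pending[state] = (nonce, self.clock() + self.ttl)
        return state, nonce

    def finish(self, returned_state, id_token_claims):
        """Check the callback. pop() makes every state single use."""
        entry = self._pending.pop(returned_state, None)
        if entry is None:
            return False, "unknown or replayed state"
        nonce, expires = entry
        if self.clock() > expires:
            return False, "state expired"
        claimed = str(id_token_claims.get("nonce", "")).encode()
        if not secrets.compare_digest(claimed, nonce.encode()):
            return False, "nonce mismatch"
        return True, "ok"

def demo():
    now = [1000.0]  # fake clock so the expiry case needs no sleep
    store = PendingLogins(clock=lambda: now[0])
    state, nonce = store.start()
    claims = {"upn": "user@example.com", "nonce": nonce}  # constructed claims
    results = [store.finish(state, claims), store.finish(state, claims)]
    state2, _ = store.start()
    results.append(store.finish(state2, {"nonce": nonce}))  # other login's nonce
    state3, nonce3 = store.start()
    now[0] += RAND_TTL + 1  # user took longer than RandTTL to authenticate
    results.append(store.finish(state3, {"nonce": nonce3}))
    return results
```

demo() walks through a valid callback, a replay of the same state, a nonce from a different login, and a callback arriving after the TTL.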

             

             
