-
19 October 2023 at 16:52 - Views: 208 #15744
Hi all
Just migrated our OTS to Otobo and I was interested in connecting customers with O365.
As I understand, Otobo supports OpenID Connect, so I was wondering if there is any documentation about it.
Thanks
-
23 October 2023 at 15:03 #15761
I managed to enable OpenIDConnect and now when I am trying the customer.pl page I get "An error occured! Please check the browser error log for more details!".
When looking up the details I get "JavaScriptError: Syntax error, unrecognized expression: #". Any hints on what logs to enable to find the actual issue?
-
24 October 2023 at 12:04 #15767
After spending 2 full days on this I managed to crack it, so I hope that the below will help others as well.
The OpenIDConnect settings that you can find on the forum are mostly correct but they have a mistake.
Please see below my working configuration.
$Self->{'Customer::AuthModule'} = 'Kernel::System::CustomerAuth::OpenIDConnect';
$Self->{'Customer::AuthModule::OpenIDConnect::AuthRequest'}->{ResponseType} = [ 'code' ];
# $Self->{'Customer::AuthModule::OpenIDConnect::AuthRequest'}->{ResponseType} = [ 'id_token' ]; --> you need to comment out this line. AzureAD does not have 'id_token'
$Self->{'Customer::AuthModule::OpenIDConnect::AuthRequest'}->{AdditionalScope} = [qw/profile email/];
$Self->{'Customer::AuthModule::OpenIDConnect::Config'}{ClientSettings} = {
    ClientID    => 'From AzureAD',
    RedirectURI => 'https://your.domain/otobo/customer.pl?Action=Login',
};
$Self->{'Customer::AuthModule::OpenIDConnect::Config'}{ClientSettings}{ClientSecret} = 'From AzureAD';
$Self->{'Customer::AuthModule::OpenIDConnect::Config'}{ProviderSettings} = {
    OpenIDConfiguration => 'From AzureAD',
    SSLOptions          => 0,
};
$Self->{'Customer::AuthModule::OpenIDConnect::UID'} = 'upn';
$Self->{'Customer::AuthModule::OpenIDConnect::Config'}{Misc} = {
    UseNonce   => 1,      # add a nonce to request and token (this is primarily important for the implicit flow where it is enabled by default)
    RandLength => 22,     # length for state and nonce random strings - default: 22
    RandTTL    => 60 * 5, # valid time period for state and nonce (roughly the time a user can take to authenticate) - default: 300 s
};
$Self->{'AuthModule::OpenIDConnect::UserMap'} = {
    email       => 'UserEmail',
    given_name  => 'UserFirstname',
    family_name => 'UserLastname',
};
$Self->{'Customer::AuthModule::OpenIDConnect::Debug'}->{'LogIDToken'} = 1;
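
What the UseNonce, RandLength and RandTTL settings in the configuration above control, sketched as an added Python example; it is not OTOBO's code and not part of the original post. The class and method names are hypothetical, and the ID token claims are assumed to have been signature-verified before this check.

```python
import secrets
import string
import time

ALPHABET = string.ascii_letters + string.digits


class StateNonceStore:
    """Issues and checks the state and nonce of one login attempt (hypothetical helper)."""

    def __init__(self, rand_length=22, rand_ttl=300, clock=time.time):
        self.rand_length = rand_length   # corresponds to RandLength
        self.rand_ttl = rand_ttl         # corresponds to RandTTL, in seconds
        self.clock = clock               # injectable so expiry can be tested
        self._pending = {}               # state -> (nonce, expiry time)

    def _rand(self):
        # CSPRNG-backed random string; state and nonce must be unguessable
        return "".join(secrets.choice(ALPHABET) for _ in range(self.rand_length))

    def begin_login(self):
        """Return (state, nonce) to send in the authorization request."""
        state, nonce = self._rand(), self._rand()
        self._pending[state] = (nonce, self.clock() + self.rand_ttl)
        return state, nonce

    def finish_login(self, returned_state, id_token_claims):
        """Check the callback's state and the ID token's nonce; return (ok, reason)."""
        # pop() makes every state single use, so a replayed callback fails
        entry = self._pending.pop(returned_state, None)
        if entry is None:
            return False, "unknown or replayed state"
        nonce, expiry = entry
        if self.clock() > expiry:
            return False, "state expired"
        token_nonce = str(id_token_claims.get("nonce", ""))
        # constant-time comparison of the nonce bound to this login attempt
        if not secrets.compare_digest(token_nonce.encode(), nonce.encode()):
            return False, "nonce mismatch"
        return True, "ok"
```
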