After adding the following lines to the file scp/login.php, staff users can log in to scp without entering username/password.
Users must exist in osTicket (username = AD-Accountname).
Tested with Active Directory and IIS (Authentication: no anonymous).
Maybe it also works in other environments.
FIND (~ 25):
$msg=$msg?$msg:'Authentication Required';
ADD after:
// ############### NTLM-Login MOD // Start ################
// Single Sign On via NTLM authentication
// User must be a registered staff member within osTicket
// SSO-Login is used secondarily (if username is posted, this code will not be processed)
//
// check if $_POST exists: login button must be clicked (otherwise logout will not work) and no username has been entered
// (maybe you don't always want NTLM authentication)
// and check if $_GET exists (quick login via favorites-link)
// check if NTLM authentication is possible (REMOTE_USER filled)
// NOTE: the name of the quick-login GET parameter is missing from this post;
// a bare isset($_GET) is always true.
if ( ($_POST && (empty($_POST['username'])) || isset($_GET) ) &&
     isset($_SERVER['REMOTE_USER']) && !empty($_SERVER['REMOTE_USER']) ) {
    // get LDAP username
    $LDAPusername = $_SERVER['REMOTE_USER'];
    // strip the domain name (user@domain or DOMAIN\user)
    if (($atpos = strpos($LDAPusername, "@")) !== false) {
        $LDAPusername = substr($LDAPusername, 0, $atpos);
    } elseif (($bspos = strrpos($LDAPusername, '\\')) !== false) {
        $LDAPusername = substr($LDAPusername, $bspos + 1);
    }
    // is a valid username?
    if (($user=new StaffSession($LDAPusername)) && $user->getId()) {
        //no errors ? then login and redirect (nearly original code)
        if(!$errors) {
            //update last login.
            db_query('UPDATE '.STAFF_TABLE.' SET lastlogin=NOW() WHERE staff_id='.db_input($user->getId()));
            //Figure out where the user is headed - destination!
            $dest=$_SESSION['_staff']['auth']['dest'];
            //Now set session crap and lets roll baby!
            $_SESSION['_staff']=array(); //clear.
            $_SESSION['_staff']['userID']=$LDAPusername; //changed (was $_POST['username'];)
            $user->refreshSession(); //set the hash.
            $_SESSION['TZ_OFFSET']=$user->getTZoffset();
            $_SESSION['daylight']=$user->observeDaylight();
            Sys::log(LOG_DEBUG,'Staff SSO login',sprintf("%s logged in [%s]",$user->getUserName(),$_SERVER['REMOTE_ADDR'])); //Debug.
            //Redirect to the original destination. (make sure it is not redirecting to login page.)
            $dest=($dest && (!strstr($dest,'login.php') && !strstr($dest,'ajax.php')))?$dest:'index.php';
            session_write_close();
            session_regenerate_id();
            @header("Location: $dest");
            require_once('index.php'); //Just incase header is messed up.
            exit;
        }
    } else {
        //User not found, send message
        $msg='Authentication Required - SSO Login failed';
    }
}
// ############### NTLM-Login MOD // END ################
Hope this helps someone.
Greets
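
The mod above discards the domain part of REMOTE_USER, so every domain the web server accepts maps onto the same osTicket staff names. The following is an added example, not part of the original post: a stricter parser that keeps the domain and checks it against an allow-list before the name is used. The function name, the domain values and the character restriction are assumptions for illustration.

```php
<?php
// Added example (not from the original post).
// Returns the bare account name, or null if the value must not be trusted.
function sso_account_from_remote_user($remoteUser, array $allowedDomains)
{
    $remoteUser = trim((string)$remoteUser);
    if ($remoteUser === '') {
        return null;                       // server did not authenticate anyone
    }
    if (($pos = strrpos($remoteUser, '\\')) !== false) {       // DOMAIN\user
        $domain  = substr($remoteUser, 0, $pos);
        $account = (string)substr($remoteUser, $pos + 1);
    } elseif (($pos = strpos($remoteUser, '@')) !== false) {   // user@domain
        $account = substr($remoteUser, 0, $pos);
        $domain  = (string)substr($remoteUser, $pos + 1);
    } else {
        return null;                       // no domain part: refuse (assumption)
    }
    // The domain must be one we expect (case-insensitive comparison).
    $allowed = array_map('strtolower', $allowedDomains);
    if (!in_array(strtolower($domain), $allowed, true)) {
        return null;
    }
    // Conservative character set (assumption; widen if your logins need it).
    if (!preg_match('/^[A-Za-z0-9._-]{1,64}$/', $account)) {
        return null;
    }
    return $account;
}

// Constructed sample values in the two formats the mod handles.
$allowed = array('CORP', 'corp.example.com');
$samples = array(
    'CORP\\jsmith',             // accepted
    'jsmith@corp.example.com',  // accepted
    'OTHER\\jsmith',            // rejected: unexpected domain
    'jsmith',                   // rejected: no domain part
    'CORP\\',                   // rejected: empty account name
);
foreach ($samples as $s) {
    $account = sso_account_from_remote_user($s, $allowed);
    printf("%-26s => %s\n", $s, $account === null ? 'rejected' : $account);
}
```

In the mod, the result of calling this on `$_SERVER['REMOTE_USER']` would take the place of `$LDAPusername` before `new StaffSession(...)`, with a null result treated like the "SSO Login failed" branch.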