Suggestion for newer releases

You guys are running great software and I understand that it is hard to keep up with technologies as it is open source. I admit that osTicket changed our organization from day one when we started using it, and now more and more departments want to get on board. It originally started in IT, and now we have a few more.

As a suggestion for future releases, I think a great option (or plugin) would be SAML single sign-on. This is the direction that most software solutions are going, and going forward it would be a big plus. I would gladly help in my spare time on this if you guys have an interest in building this feature.

An additional suggestion for future releases is session management. Right now, if you log in with, for example, username "user1" to the front end (to create a ticket) and then log in as an agent with the same username, you get logged out from the front end, and vice versa. Sometimes we use the ticketing system internally for processes, so I use both the front end and the back end, as user and agent.

Ivan

Comments

  • Thanks for the suggestion.

    Have you seen that there are a number of auth plugins at: osticket.com/download click on plugins.
    And several more that are being developed at https://github.com/osTicket/osTicket-plugins
  • Thanks for the quick response! I did. I didn't see SAML SSO anywhere (or in our case Microsoft AD FS, as one of many SAML SSO solutions).

    Ivan
  • AD is Microsoft's proprietary LDAP implementation. So you would use the LDAP plugin.
  • Yes, we do use LDAP at the moment, but at the enterprise level, where we run a dozen applications for users, single sign-on is a crucial piece so that users don't have to type a username and password for each one. Rather, they would log in once to our portal, and every other web application they open would already be logged in, instead of typing a username and password each time. This especially matters where the timeout for our applications is 10-15 minutes (depending on the application) and AD FS has a longer timeout. So even if they get logged out at the application level, as long as the AD FS token is valid, with a simple click they would get logged in again at the application level. It is at the same time secure and provides a better user experience.
  • So then wouldn't you also want to use the HTTP Passthrough Auth plugin?
  • No, SAML and HTTP Passthrough are different. SAML makes a request in XML format to the IDP (Identity Provider) and receives a response in XML with the specific claims that the application is set up for. The reason why many organizations are moving toward SAML SSO or similar services is that they may have several different user directories that they want to combine yet keep separated; thus you can have 3 different Active Directories, for vendors, employees, guests, etc. IDPs are there to combine them all into one and use them for your applications. Another great feature is that you don't have to open up your firewall and manage all AD connections through LDAP. IDPs are built to be web based and have many security features in place, whereas LDAP is just a protocol and users have to build security features into their applications.