<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:Georgia;
panose-1:2 4 5 2 5 4 5 2 3 3;}
@font-face
{font-family:"Segoe UI Light";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Vorformatiert Zchn";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLVorformatiertZchn
{mso-style-name:"HTML Vorformatiert Zchn";
mso-style-priority:99;
mso-style-link:"HTML Vorformatiert";
font-family:"Consolas",serif;}
span.E-MailFormatvorlage20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Re: SSO with Windows/Domain-Login<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">You can use ntlm auth on your webserver and configure RT to user the Webserver Authentication
<a href="https://docs.bestpractical.com/rt/4.2.12/authentication.html#WebRemoteUserAuth">
https://docs.bestpractical.com/rt/4.2.12/authentication.html#WebRemoteUserAuth</a> Chrome + IE support NTLM out of the box. Firefox needs some config:
<a href="http://superuser.com/questions/664656/how-to-configure-firefox-for-ntlm-sso-single-sign-on">
http://superuser.com/questions/664656/how-to-configure-firefox-for-ntlm-sso-single-sign-on</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US">Ntlm with apache:
<a href="http://modntlm.sourceforge.net/">http://modntlm.sourceforge.net/</a><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<table class="MsoNormalTable" border="0" cellpadding="0">
<tbody>
<tr>
<td style="border-top:solid #505050 1.0pt;border-left:none;border-bottom:solid #505050 1.0pt;border-right:none;padding:3.75pt 0cm 3.75pt 0cm">
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Tahoma",sans-serif;color:#505050">Vinzenz Sinapius
<br>
Information Technology | Informationstechnik<br>
<br>
</span><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#63666A">trace</span></b><b><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#ED8B00">tronic</span></b><b><span style="font-size:8.0pt;font-family:"Tahoma",sans-serif;color:#505050">
</span></b><span style="font-size:8.0pt;font-family:"Tahoma",sans-serif;color:#505050">GmbH<br>
Stuttgarter Str. 3<br>
01189 DRESDEN<br>
GERMANY <br>
<br>
Phone: +49 351 205768-167<br>
Fax: +49 351 205768-999<br>
E-mail: <a href="mailto:vinzenz.sinapius@tracetronic.de"><span style="color:#505050">vinzenz.sinapius@tracetronic.de</span></a>
<br>
<br>
Head Office | Hauptsitz: Stuttgarter Str. 3, 01189 DRESDEN, GERMANY <br>
Managing Directors | Geschäftsführer: Dr.-Ing. Rocco Deutschmann, Dr.-Ing. Peter Strähle
<br>
Registration Court | Registergericht: Amtsgericht Dresden, HRB 23 086 </span><span style="font-size:8.0pt;color:#505050"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><span style="mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif">Von:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"> rt-users [mailto:rt-users-bounces@lists.bestpractical.com]
<b>Im Auftrag von </b>t s<br>
<b>Gesendet:</b> Mittwoch, 18. Mai 2016 19:08<br>
<b>An:</b> Lush, Aaron <alush@scentral.k12.in.us>; rt-users@lists.bestpractical.com<br>
<b>Betreff:</b> Re: [rt-users] SSO (Single Sign-On) for RT<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div id="divtagdefaultwrapper">
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">How about any other way to simulate SSO? Our users simply don't want to log in...........<o:p></o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">Such as, how long does an Active Directory login last before a user has to log in again? Is there a setting in RT_SiteConfig to extend that, maybe to forever?<o:p></o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">Or, is there a way to detect the Windows username and pass that through without requiring login and authentication?<o:p></o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">Thanks,<o:p></o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">ts<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<div>
<div class="MsoNormal" align="center" style="text-align:center;background:white">
<span style="font-family:"Calibri",sans-serif;color:black">
<hr size="2" width="98%" align="center">
</span></div>
<div id="divRplyFwdMsg">
<p class="MsoNormal" style="background:white"><b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri",sans-serif;color:black"> rt-users <rt-users-bounces@lists.bestpractical.com>
on behalf of t s <zzzz67@hotmail.com><br>
<b>Sent:</b> Tuesday, May 17, 2016 1:18 PM<br>
<b>To:</b> Lush, Aaron<br>
<b>Cc:</b> rt-users@lists.bestpractical.com<br>
<b>Subject:</b> Re: [rt-users] SSO (Single Sign-On) for RT</span><span style="font-family:"Calibri",sans-serif;color:black">
<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"> <o:p></o:p></span></p>
</div>
</div>
<div>
<pre style="background:white;-ms-word-wrap: break-word"><span style="font-family:"Tahoma",sans-serif;color:black">4.2<o:p></o:p></span></pre>
<pre style="background:white"><span style="font-family:"Tahoma",sans-serif;color:black"><o:p> </o:p></span></pre>
<pre style="background:white"><span style="font-family:"Tahoma",sans-serif;color:black">--- Original Message ---<o:p></o:p></span></pre>
<pre style="background:white"><span style="font-family:"Tahoma",sans-serif;color:black"><o:p> </o:p></span></pre>
<pre style="background:white"><span style="font-family:"Tahoma",sans-serif;color:black">From: "Lush, Aaron" <alush@scentral.k12.in.us><o:p></o:p></span></pre>
<pre style="background:white"><span style="font-family:"Tahoma",sans-serif;color:black">Sent: May 17, 2016 1:15 PM<o:p></o:p></span></pre>
<pre style="background:white"><span style="font-family:"Tahoma",sans-serif;color:black">To: "t s" <zzzz67@hotmail.com><o:p></o:p></span></pre>
<pre style="background:white"><span style="font-family:"Tahoma",sans-serif;color:black">Cc: rt-users@lists.bestpractical.com<o:p></o:p></span></pre>
<pre style="background:white"><span style="font-family:"Tahoma",sans-serif;color:black">Subject: Re: [rt-users] SSO (Single Sign-On) for RT<o:p></o:p></span></pre>
<pre style="background:white"><span style="font-family:"Tahoma",sans-serif;color:black"><o:p> </o:p></span></pre>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Georgia",serif;color:black">Which version of RT are you running? <o:p></o:p></span></p>
</div>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><br clear="all">
<o:p></o:p></span></p>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Georgia",serif;color:black">Sincerely,</span><span style="font-family:"Calibri",sans-serif;color:black">
<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Georgia",serif;color:black">Aaron Lush</span><span style="font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Georgia",serif;color:black">Network Administrator</span><span style="font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Georgia",serif;color:black">South Central Community School Corporation</span><span style="font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Georgia",serif;color:black">(219) 767-2266 ext. 1111</span><span style="font-family:"Calibri",sans-serif;color:black"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">On Tue, May 17, 2016 at 12:06 PM, t s <<a href="mailto:zzzz67@hotmail.com" target="_blank">zzzz67@hotmail.com</a>> wrote:<o:p></o:p></span></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm">
<div>
<div>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">Anyone have any direction on how to set up SSO for RT for Windows Active Directory?<o:p></o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">I am currently in the middle of following this set of directions from a SafeSquid app (<a href="https://www.safesquid.com/content-filtering/integrating-linux-host-windows-ad-kerberos-sso-authentication" target="_blank">https://www.safesquid.com/content-filtering/integrating-linux-host-windows-ad-kerberos-sso-authentication</a>) that
seems like it would mostly apply to set up the service principals, user accounts, etc. This seems like the best set of directions I could find, unless anyone knows of any that are better? Most sites seem to assume Kerberos is already set up and working with
the appropriate permissions.<o:p></o:p></span></p>
<div style="margin-bottom:15.0pt;display:inline-block;overflow:auto">
<table class="MsoNormalTable" border="1" cellspacing="0" cellpadding="0" width="90%" style="width:90.0%;background:white;border-top:dotted #C8C8C8 1.0pt;border-left:none;border-bottom:dotted #C8C8C8 1.0pt;border-right:none">
<tbody>
<tr>
<td width="250" valign="top" style="width:187.5pt;border:none;padding:15.0pt 15.0pt 15.0pt .75pt">
<div style="margin-top:5.0pt;margin-bottom:5.0pt;display:table;min-height: 62px">
<p class="MsoNormal" style="margin-top:15.0pt;background:white"><a href="https://www.safesquid.com/content-filtering/integrating-linux-host-windows-ad-kerberos-sso-authentication" target="_blank"><span style="border:solid windowtext 1.0pt;padding:0cm;text-decoration:none"><img border="0" width="250" height="62" id="_x0000_i1026" src="cid:image001.jpg@01D1B1AA.F5417740" alt="Das Bild wurde vom Absender entfernt."></span></a><o:p></o:p></p>
</div>
</td>
<td valign="top" style="border:none;padding:0cm 0cm 0cm 0cm;display:table-cell">
<div>
<p class="MsoNormal" style="margin-top:15.0pt;mso-line-height-alt:15.75pt"><span style="font-size:16.0pt;font-family:"Segoe UI Light",sans-serif;color:#0078D7"><a href="https://www.safesquid.com/content-filtering/integrating-linux-host-windows-ad-kerberos-sso-authentication" target="_blank"><span style="text-decoration:none">Integrating
a Linux Host with a Windows AD for Kerberos ...</span></a><o:p></o:p></span></p>
</div>
<div style="margin-top:7.5pt;margin-bottom:12.0pt">
<p class="MsoNormal" style="margin-top:15.0pt;line-height:10.5pt"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#666666"><a href="http://www.safesquid.com" target="_blank">www.safesquid.com</a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-top:15.0pt;line-height:15.0pt"><span style="font-size:10.5pt;font-family:"Segoe UI",sans-serif;color:#666666">Validate that IP of all our systems are resolvable by our DNS provider. Add the Linux host safesquid1 as a New Host
in the DNS server's configuration such that it's ...<o:p></o:p></span></p>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">And I am using:<o:p></o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="margin-bottom:10.0pt;background:white"><span style="font-family:"Calibri",sans-serif;color:black">Set($WebExternalAuth , 1); <br>
Set($WebFallbackToInternalAuth , undef);<br>
Set($WebExternalGecos , undef);<br>
Set($WebExternalAuto , undef); <o:p></o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">with the ExternalAuth extension.<o:p></o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">Also using nginx with mod_auth_kerb.<o:p></o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">Thanks,<o:p></o:p></span></p>
<p style="background:white"><span style="font-family:"Calibri",sans-serif;color:black">ts<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="margin-bottom:12.0pt;background:white"><span style="font-family:"Calibri",sans-serif;color:black"><br>
---------<br>
RT 4.4 and RTIR Training Sessions <a href="https://bestpractical.com/training" target="_blank">
https://bestpractical.com/training</a><br>
* Washington DC - May 23 & 24, 2016<o:p></o:p></span></p>
</blockquote>
</div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif;color:black"><br>
Email Confidentiality Notice: This email message, including all attachments, is for the sole use of the intended recipient(s) and contains confidential information. If you are not the intended recipient, you may not use, disclose, print, copy or disseminate
this information. Please reply and notify the sender, delete the message and any attachments and destroy all copies.
<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</body>
</html>