No CAS authentication for users

[PPCM]

After activation of Authentication for "Agents and Clients", CAS authentication is not present for client registration

any idea?

[kevinoconnor7]

I cannot seem to be able to reproduce this. There should be a button the login page for clients to "Sign in with CAS". If the user doesn't exist then it will create an osTicket account for them. If there's missing information (such as their name) then they will be prompted to provide that additional information.

If you're still not seeing the button on the login page then confirm for me the osticket and PHP version you're using. Also double check the plugin settings for me.

[PPCM]

On login page, the button is present, no matter for that.

But, clients are not created automatically, I need to register each of them manually. And on the registration page for clients, CAS authentication is not present in "Authentication Sources" combo box.

[kevinoconnor7]

Ah, you probably have public registration disabled.

I just pushed v1.1.2 which contains a new setting to force user creation.

[PPCM]

I confirm: public registration is disbled

I copied the version 1.1.2, I checked "Force client registration" and I didn't see any difference Something to do to update internal status of the module?

(really thanks for your disponibility)

[kevinoconnor7]

If you saw the setting for "Force client registration" then you have the new version. I'm having trouble recreating the issue with that new setting enabled.

Can you tell me what settings you have configured under Settings -> Users. I really care about "Registration Required" and "Registration Method".

[PPCM]

Here snapshot of some pages

• Users settings
• osTicket-auth-cas settings
• Registration page of a user

[kevinoconnor7]

Hmm, maybe I'm confused a bit on what the exact issue is here. You shouldn't see CAS as an authentication provider on the registration screen since it's implemented as an SSO provider.

The option you're looking at is important if you want to pass authentication credentials to an external service for verification (ex. LDAP plugin does this). It's pretty much a way to say, "when you get this username, try to authenticate them against this backend rather than just all the possible ones."

So to clarify, if someone goes to the client login page and clicks the "Sign in with CAS" button, do they get signed in? And furthermore, with the new option in the plugin enabled, will an account be created for them when they click that for the first time?

[PPCM]

Thanks for the response, I understand how you impleted the user regitration, it that way, everyone on the CAS access to OSTicket. It's not a bad point of view, I didn't think organization on that way...

My goal is to have the same features as OSTicket registration, only registred users in OSTicket can access to their account after we enabled it. I need to select users who can access to OSTicket accounts.

What do you think about that?

[kevinoconnor7]

So that's not something that is supported here and the bigger limitation is what osTicket allows for plugins to modify. You really only have the options of:

1. Agents create accounts for users. The authentication method they set doesn't matter. CAS will attempt to login users based on the username/email that your CAS server responds with.
2. Allow users to register, but they might change their username and thus break login.

Sorry, I think this is very much an edge case for what most organizations would want. It's also an issue that is not limited to this authentication plugin as this is a feature request for osTicket.

[PPCM]

Hello,

Thanks for recommandations

Regards

Le 20/10/2015 02:09, kevinoconnor7 a écrit :

So that's not something that is supported here and the bigger limitation is what osTicket allows for plugins to modify. You really only have the options of:

1. Agents create accounts for users. The authentication method they set doesn't matter. CAS will attempt to login users based on the username/email that your CAS server responds with.
2. Allow users to register, but they might change their username and thus break login.

Sorry, I think this is very much an edge case for what most organizations would want. It's also an issue that is not limited to this authentication plugin as this is a feature request for osTicket.

— Reply to this email directly or view it on GitHub https://github.com/kevinoconnor7/osTicket-auth-cas/issues/7#issuecomment-149381891.