Auto SSO-Login / SSO-Links?

Infos:

  • Used Zammad version: 5.2.2
  • Used Zammad installation type: package
  • Operating system: Debian 11

Expected behavior:

  • Users have to click on “SSO” on the Login-Page for login

Actual behavior:

  • Users should be automatically signed in on load of the Login-Page

Hi,
we successfully set up an LDAP SSO and I would like to give our employees a better user experience / fewer clicks to log in.

I found out that if I'm not logged in to Zammad and open /auth/sso in a browser, I am automatically logged in to Zammad.

So I could change the link target for all links that point to our Zammad (local intranet site, e-mail links, etc.). But if Zammad sends an auto-reply in reaction to a ticket newly created by e-mail, it contains a link to the new ticket.

It would be nice if a click on that link would also log in the user, without the need to click “SSO” on the Login-Page.

Question: Is there any redirect option in the way Zammad parses the requested page URL? I played a little bit with the URL, like:
https://zammadurl/auth/sso#ticket/zoom/78
The idea was that Zammad opens /auth/sso and logs the user in, and then redirects to the part behind /auth/sso. Maybe there's a “?redirekt=#ticket/zoom/78” option or something like that?

The second idea was to submit the SSO login form on page load of the login screen.
I edited /opt/zammad/app/assets/javascripts/app/views/login.jst.eco and added name="<%= auth_provider.class %>" to the form, so I could use JavaScript to submit the form on page load, like with:

<javascript>
window.onload = function() {
        document.forms['sso'].submit();
}
</javascript>

After a recompile (zammad run rake assets:precompile) and restart of the Zammad web server, the above JavaScript code was inserted into the source code, but the <javascript></javascript> tags were automatically removed by the web engine/web server, so the JavaScript couldn't be executed.

Does someone have an idea how I could work around this? Do I have to put the JavaScript into a .js file as a function and run the function in the login.jst.eco file or something like that?

Thanks in advance,
Bastian

1 Like
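
The link rewriting described in the first post (pointing intranet and e-mail links at /auth/sso and carrying the ticket route in the fragment), as an added example that is not part of the original posts and not Zammad code: it keeps the route only when the link is on the same origin and the fragment is a plain in-app route. The function names, the allow-list pattern and the sample links are assumptions, and whether Zammad restores the fragment after /auth/sso is not confirmed on this page.

```javascript
// Added example, not Zammad code. BASE is the placeholder host from the post.
const BASE = 'https://zammadurl';

// Allow-list for in-app routes: "#" plus slash-separated segments of
// letters, digits, "_" or "-". No scheme, host, "//", "\" or "%" can pass.
const ROUTE_RE = /^#[A-Za-z0-9_-]+(?:\/[A-Za-z0-9_-]+)*$/;

// Returns the route unchanged if it is a plain in-app fragment, else null.
function safeRoute(raw) {
  if (typeof raw !== 'string' || raw.length > 200) return null;
  return ROUTE_RE.test(raw) ? raw : null;
}

// Rewrites a link to the Zammad instance into an /auth/sso entry link.
// Links to other origins, or with an unexpected fragment, lose their target
// and fall back to the bare SSO entry point.
function ssoEntryUrl(link, base = BASE) {
  const entry = new URL('/auth/sso', base);
  let parsed;
  try {
    parsed = new URL(link);
  } catch (err) {
    return entry.href; // not an absolute URL: ignore the target
  }
  if (parsed.origin !== entry.origin) return entry.href;
  const route = safeRoute(parsed.hash);
  if (route) entry.hash = route;
  return entry.href;
}

// Constructed sample links (not taken from a real system).
const samples = [
  'https://zammadurl/#ticket/zoom/78',
  'https://zammadurl/#https://example.invalid/login',
  'https://zammadurl.example.invalid/#ticket/zoom/78',
  'not a url',
];
for (const s of samples) console.log(s, '->', ssoEntryUrl(s));
```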

I don’t have a direct answer, but I would love this as well. Instead of doing those things, I modified our login.jst.eco to hide the username and password fields and simply have a Google login button. It’s an extra step compared to what you are doing, but at least it removes the scenarios where users try to enter their accounts on that page.