Auto SSO-Login / SSO-Links?

Infos:

  • Used Zammad version: 5.2.2
  • Used Zammad installation type: package
  • Operating system: Debian 11

Expected behavior:

  • Users have to click on “SSO” on the Login-Page for login

Actual behavior:

  • Users should automatically be signed in on load of the Login-Page

Hi,
We successfully set up an LDAP SSO and I would like to give our employees a better user experience / fewer clicks to log in.

I found out that if I’m not logged in to Zammad and open /auth/sso in a browser, I am automatically logged in to Zammad.

So I could change the link target for all links that point to our Zammad (local intranet site, email links, etc.). But if Zammad sends an auto-reply in reaction to a ticket newly created by email, it contains a link to the new ticket.

It would be nice if a click on that link would also log the user in, without the need to click “SSO” on the login page.

Question: Is there any redirect option in the way Zammad parses the requested page URL? I played around a little with the URL, like:
https://zammadurl/auth/sso#ticket/zoom/78
The idea was that Zammad opens /auth/sso and logs the user in, and then redirects to the part after /auth/sso. Maybe there’s a “?redirekt=#ticket/zoom/78” option or something like that?

The second idea was to submit the SSO login form on page load of the login screen.
I edited /opt/zammad/app/assets/javascripts/app/views/login.jst.eco and added name="<%= auth_provider.class %>" to the form, so I could use JavaScript to submit the form on page load, like this:

<javascript>
window.onload = function() {
        document.forms['sso'].submit();
}
</javascript>

After a recompile (zammad run rake assets:precompile) and a restart of the Zammad web server, the above JavaScript code was inserted into the source code, but the <javascript></javascript> tags were automatically removed by the web engine/web server, so the JavaScript couldn’t be executed.

Does someone have an idea how I could work around this? Do I have to put the JavaScript into a .js file as a function and run the function in the login.jst.eco file, or something like that?

Thanks in advance,
Bastian


I don’t have a direct answer, but I would love this as well. Instead of doing those things, I modified our login.jst.eco to hide the username and password fields and simply have a Google login button. It’s an extra step compared to what you are doing, but at least it removes the scenarios where users try to enter their accounts on that page.

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.