Redirect Authentication

Hello Zammad,

We use only social login / oauth2 login for our apps but one thing we miss is the ability to force the client to redirect directly to a certain social provider say oauth2.

Would it be any way possible to hide the login screen and automatically redirect to oauth2 provider?

Hey,

yes there is.

You can simply solve this with a redirect rule - if you’re checking for the session cookie of Zammad, you can redirect to wherever you want to. This should be exactly what you need (at least in SSO context that is the way to do it).

You can find a working comment here:


( Please do not respond to the issue because you’d mix things :slight_smile: )

Please note that this redirect only works on a clean start of your Browser.
As soon as you logged out, the Session cookie is still there. It is removed upon Browser restart.

Edit: Redirect to the auth URL of Zammad for the service you want to use - e.g. office 365: /auth/microsoft_office365

Please note that this only works for one provider, as nobody is able to forsee what authentication provider should be used (if several applicable)

Hi. You just outlined two major flaws.

  1. the /auth/ redirects only work as post requests, so a simple redirect doesnt cut it
  2. Please note that this redirect only works on a clean start of your Browser.

I just hacked it together by adding a script tag to the login component that automatically submits the form that does your post redirect (normally submitted via button click). works but is just a hack that gets reset on every update.

I’d appreciate an option to select this as the “only” provider which automatically enables such a workaround or even better handles this stuff internally.