Zammad ignores REMOTE_USER in api calls?


  • Used Zammad version: 4.0.1
  • Installation method (source, package, …): Package
  • Operating system: Debian 10
  • Database + version: Postgres 11
  • Elasticsearch version:
  • Browser + version: Curl

Expected behavior:

  • Zammad uses REMOTE_USER set by NGINX

Actual behavior:

  • Zammad uses authorisation

Steps to reproduce the behavior:

  • Set up Zammad with Authorisation by Webserver (e.g. TLS Client Certificate)
  • call any /api URL

Is this really intended behaviour?

Yes that’s intended. Use token based authentication for API calls.

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.