Einstellungen im Azure ADFS













 

Konfiguration in OTOBO

 

# Select the OpenID Connect authentication backend.
$Self->{AuthModule} = 'Kernel::System::Auth::OpenIDConnect';

# Authentication flow to request: 'code' selects the authorization code flow.
$Self->{'AuthModule::OpenIDConnect::AuthRequest'}{ResponseType} = ['code'];

# Scopes requested in addition to 'openid', which is added automatically and
# must not be listed here. List every scope whose claims are interpreted later,
# and no more than that, so the client does not receive data it never uses.
$Self->{'AuthModule::OpenIDConnect::AuthRequest'}{AdditionalScope} = [ 'profile', 'email' ];

     # Set the ClientID and Redirect URI exactly as defined on the authorization server
     # for the latter the Action must be "Login"
     $Self->{'AuthModule::OpenIDConnect::Config'}{ClientSettings} = {
         ClientID    => 'xxxxx-xxxxx-xxxx-xxxx-xxxxxx',
         RedirectURI => 'https://support.otobo.de/otobo/index.pl?Action=Login',
     };

     # For the authorization code flow the client secret has to be provided
     $Self->{'AuthModule::OpenIDConnect::Config'}{ClientSettings}{ClientSecret} = 'xxxxxxxxxx';
     # Provide the URL of the well-known openid-configuration of the OpenID provider
     $Self->{'AuthModule::OpenIDConnect::Config'}{ProviderSettings} = {
         OpenIDConfiguration => 'https://login.microsoftonline.com/5dddddf41bd-338c-4311-b1b0-e129ddddd34b/v2.0/.well-known/openid-configuration',
         TTL                 => 60 * 30,      # optional: time period the extracted openid-configuration is cached
         Name                => 'Intern4',    # optional: necessary only if one needs to differentiate between User and CustomerUser configuration e.g.
#        SSLOptions          => {             # if special ssl options are needed; SSLVerifyHostname => 0 is also possible but should only be used for testing purposes
#            SSLCertificate => 'SSL_cert_file',     # client certificate
#            SSLKey         => 'SSL_key_file',      # client cert key
#            SSLPassword    => 'SSL_passwd_cb',     # password for client cert key
#            SSLCAFile      => 'SSL_ca_file',       # CA certificate
#            SSLCADir       => 'SSL_ca_path',       # CA cert directory#       
         },
     };

     # Set the token claim to be used as identifier
    $Self->{'AuthModule::OpenIDConnect::UID'} = 'preferred_username';

     # Some optional additional settings
      $Self->{'AuthModule::OpenIDConnect::Config'}{Misc} = {

         UseNonce   => 1,      # add a nonce to request and token (this is primarily important for the implicit flow where it is enabled by default)
         RandLength => 22,     # length for state and nonce random strings - default: 22
         RandTTL    => 60 * 5, # valid time period for state and nonce (roughly the time a user can take to authenticate) - default: 300 s
     };