7503b32c74
* add zammad Signed-off-by: Tealk <tealk@rollenspiel.monster> * some improvements Signed-off-by: Tealk <tealk@rollenspiel.monster> * add navi-item Signed-off-by: Tealk <tealk@rollenspiel.monster> * fix mappings Signed-off-by: Tealk <tealk@rollenspiel.monster> * typo Signed-off-by: Tealk <tealk@rollenspiel.monster> * personalized link removed Signed-off-by: Tealk <tealk@rollenspiel.monster> * replace inventory placeholder & fix SAML Signed-off-by: Tealk <tealk@rollenspiel.monster> * Replace placeholder Signed-off-by: Tealk <tealk@rollenspiel.monster> * text improvement Signed-off-by: Tealk <tealk@rollenspiel.monster> --------- Signed-off-by: Tealk <tealk@rollenspiel.monster>
76 lines
2.2 KiB
Markdown
76 lines
2.2 KiB
Markdown
---
|
|
title: Zammad
|
|
---
|
|
|
|
<span class="badge badge--secondary">Support level: Community</span>
|
|
|
|
## What is Zammad
|
|
|
|
From https://zammad.org/
|
|
:::note
|
|
Zammad is a web-based, open source user support/ticketing solution.
|
|
Download and install it on your own servers. For free.
|
|
:::
|
|
|
|
## Preparation
|
|
|
|
The following placeholders will be used:
|
|
|
|
- `zammad.company` is the FQDN of the zammad install.
|
|
- `authentik.company` is the FQDN of the authentik install.
|
|
|
|
## authentik Configuration
|
|
|
|
### Step 1 - Property Mappings
|
|
|
|
Create two Mappings (under _Customisation/Property Mappings_) with these settings:
|
|
|
|
#### name mapping
|
|
|
|
- Name: Zammad SAML Mapping: name
|
|
- SAML Attribute Name: name
|
|
- Friendly Name: none
|
|
- Expression: `return request.user.name`
|
|
|
|
#### email mapping
|
|
|
|
- Name: Zammad SAML Mapping: email
|
|
- SAML Attribute Name: email
|
|
- Friendly Name: none
|
|
- Expression: `return request.user.email`
|
|
|
|
### Step 2 - SAML Provider
|
|
|
|
In authentik, create a SAML Provider (under _Applications/Providers_) with these settings :
|
|
|
|
- Name : zammad
|
|
- ACS URL: `https://zammad.company/auth/saml/callback`
|
|
- Issuer: `https://zammad.company/auth/saml/metadata`
|
|
- Service Provider Binding: Post
|
|
- Audience: https://zammad.company/auth/saml/metadata
|
|
- Property mappings: Zammad SAML Mapping: name & Zammad SAML Mapping: email
|
|
- NameID Property Mapping: Zammad SAML Mapping: name
|
|
|
|
### Step 3 - Application
|
|
|
|
In authentik, create an application (under _Resources/Applications_) with these settings :
|
|
|
|
- Name: Zammad
|
|
- Slug: zammad
|
|
- Provider: zammad
|
|
|
|
## zammad Setup
|
|
|
|
Configure Zammad SAML settings by going to settings (the gear icon), and selecting `Security -> Third-party Applications` and activiate `Authentication via SAML` and change the following fields:
|
|
|
|
- Display name: authentik
|
|
- IDP SSO target URL: https://authentik.company/application/saml/ticketsystem-seatable/sso/binding/init/
|
|
- IDP certificate: ----BEGIN CERTIFICATE---- …
|
|
- IDP certificate fingerprint: empty
|
|
- Name Identifier Format: empty
|
|
|
|
## Additional Resources
|
|
|
|
- https://admin-docs.zammad.org/en/latest/settings/security/third-party/saml.html
|
|
- https://community.zammad.org/t/saml-authentication-with-authentik-saml-login-url-and-auto-assign-permission/10876/3
|