1

For our helpdesk we use the GLPI package with Kerberos SSO for our active directory users.

Right now if someone does not have a valid kerberos ticket, we redirect them to GLPI login page on another domain.

The SSO domaine is servicedesk.domain, the non SSO is sd.domain

Our users receive such a link, where "redirect" points to a specific ticket:

https://servicedesk.domain/index.php?redirect=ticket_20600_Ticket

In the SSO virtualhost definition in Apache, we redirect invalid connections with: 

ErrorDocument 401 "<html><meta http-equiv=\"refresh\" content=\"0;url=https://sd.domain\"></html>"

Unfortunately, that strips the remainder of the URL, which means the users get sent to the home page of the website instead of the right ticket after manual authentication.

Is there any way to dynamically redirect to something like this instead?

https://sd.domain/index.php?redirect=ticket_20600_Ticket

Edzilla
  • 11
  • 2
  • If I understand your question correctly, you can define the ErrorDocument to be a CGI (or other dynamic URL) and then parse the referrer for the ticket number? I'f I've misunderstood, the please provide more information as to the exact chain of events. – Unbeliever Sep 22 '16 at 15:43
  • Does this have to be error document? when I want to redirect full uri, e.g. from http to https, I'm using this line: `RedirectMatch permanent (.*) https://www.example.net$1` – Kitet Sep 22 '16 at 15:58
  • @Unbeliever that's a good idea, I might try this. I was hoping for something easier like what the redirection from http to https. – Edzilla Sep 23 '16 at 07:22
  • @Kitet yes, it has to be the error document, that's what apache uses on kerberos non authentication – Edzilla Sep 23 '16 at 07:22

1 Answers1

0

So in answer to the question it seems like the following will work

ErrorDocuemt 401 /path/to/my401.cgi

And then use the CGI to look for the referrer. In answer to your other question I wouldn't use a rewriterule to do that at all. Just add an http vhost

<VirtualHost *:80>
  # The Server name in both directives should be the same as your https vhost
  ServerName example.com
  Redirect permanent / https://example.com/
</Virtualhost>
Unbeliever
  • 2,286
  • 1
  • 9
  • 17
  • Actually I just tested that it won't work. It seems it requires something of the form `ErrorDocument 401 ""` I tried redirecting to a custom page but the Referrer is not set. – Edzilla Jul 19 '17 at 14:30