I want to introduce the ticket system Zammad with SSO, but after days of configuration it's not working. The LDAP source is Active Directory. I installed it on Debian 12 and switched from Nginx to Apache as described in the SSO tutorial from Zammad.
Since libapache2-mod-auth-kerb isn't available since Debian 11 by default, I installed it this way:
wget http://ftp.de.debian.org/debian/pool/main/liba/libapache-mod-auth-kerb/libapache2-mod-auth-kerb_5.4-3_amd64.deb
dpkg -i libapache2-mod-auth-kerb_5.4-3_amd64.deb
After I called https://zammadtest.my-domain.de/auth/sso in Chrome the site redirects to the Zammad login page. After I press the SSO button, I get ERR_INVALID_RESPONSE.
Here is the Apache errorlog. What I don't understand, in one line the log says granted, in the next line it says denied (no authenticated user yet).
I am despairing. I hope someone can help me.
Here is the apache errorlog as Google Table, because stackoverflow thaught this post is spam: https://docs.google.com/spreadsheets/d/1XydjmQHgTaSKQcqq1nshMHvWEFjijKjYyatdrYSqVJo/edit?usp=sharing
I expect SSO to work. I tried everything inkl. asking ChatGPT for help. I also tried GSSAPI as described here.