diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 6c899aff2..224808347 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -113,6 +113,17 @@ class ApplicationController < ActionController::Base
       }
     end
 
+    # check sso
+    if !session[:user_id]
+
+      user = User.sso(params)
+
+      # Log the authorizing user in.
+      if user
+        session[:user_id] = user.id
+      end
+    end
+
     # return auth not ok (no session exists)
     if !session[:user_id]
       message = 'no valid session, user_id'
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 64ed4fcce..523edc148 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -111,7 +111,7 @@ class SessionsController < ApplicationController
       logger.info("AUTH IS NULL, SERVICE NOT LINKED TO ACCOUNT")
 
       # redirect to app
-      redirect_to '/app'
+      redirect_to '/'
     end
 
     # Create a new user or add an auth to existing user, depending on
@@ -128,7 +128,19 @@ class SessionsController < ApplicationController
     session[:user_id] = authorization.user.id
 
     # redirect to app
-    redirect_to '/app'
+    redirect_to '/'
+  end
+
+  def create_sso
+    user = User.sso(params)
+
+    # Log the authorizing user in.
+    if user
+      session[:user_id] = user.id
+    end
+
+    # redirect to app
+    redirect_to '/#'
   end
 
 end
\ No newline at end of file
diff --git a/app/models/user.rb b/app/models/user.rb
index c88b0b1a5..46c346bcb 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -103,6 +103,47 @@ class User < ApplicationModel
     return user_auth
   end
 
+  def self.sso(params)
+
+    # use auth backends
+    config = [
+      {
+        :adapter => 'env',
+      },
+      {
+        :adapter => 'otrs',
+      },
+    ]
+#    Setting.where( :area => 'Security::Authentication' ).each {|setting|
+#      if setting.state[:value]
+#        config.push setting.state[:value]
+#      end
+#    }
+
+    # try to login against configure auth backends
+    user_auth = nil
+    config.each {|config_item|
+      file = "sso/#{config_item[:adapter]}"
+      require file
+      user_auth = SSO.const_get("#{config_item[:adapter].to_s.upcase}").check( params, config_item )
+
+      # auth ok
+      if user_auth
+
+        # remember last login date
+        user_auth.update_last_login
+
+        # reset login failed
+        user_auth.login_failed = 0
+        user_auth.save
+
+        return user_auth
+      end
+    }
+
+    return false
+  end
+
   def self.create_from_hash!(hash)
     url = ''
     if hash['info']['urls'] then
diff --git a/config/routes/auth.rb b/config/routes/auth.rb
index 7b859cfea..02130506d 100644
--- a/config/routes/auth.rb
+++ b/config/routes/auth.rb
@@ -4,6 +4,9 @@ module ExtraRoutes
     # omniauth
     map.match '/auth/:provider/callback', :to => 'sessions#create_omniauth'
 
+    # sso
+    map.match '/auth/sso',                :to => 'sessions#create_sso'
+
     # sessions
     map.match '/signin',                  :to => 'sessions#create'
     map.match '/signshow',                :to => 'sessions#show'
diff --git a/lib/import/otrs.rb b/lib/import/otrs.rb
index e941833cb..f64be5543 100644
--- a/lib/import/otrs.rb
+++ b/lib/import/otrs.rb
@@ -52,6 +52,15 @@ module Import::OTRS
     return result
   end
 
+  def self.session(session_id)
+    response = post( "public.pl", { :Action => 'Export', :Type => 'SessionCheck', :SessionID => session_id } )
+    return if !response
+    return if response.code.to_s != '200'
+
+    result = json(response)
+    return result
+  end
+
   def self.start
     puts 'Start import...'
 
@@ -257,7 +266,7 @@ module Import::OTRS
                 :email          => email,
                 :password       => '',
                 :active         => true,
-                :roles          => roles,
+                :role_ids       => [roles.id],
                 :updated_by_id  => 1,
                 :created_by_id  => 1,
               )
diff --git a/lib/auth/env.rb b/lib/sso/env.rb
similarity index 81%
rename from lib/auth/env.rb
rename to lib/sso/env.rb
index d30e01bb1..6904719e1 100644
--- a/lib/auth/env.rb
+++ b/lib/sso/env.rb
@@ -1,7 +1,7 @@
-module Auth
+module SSO
 end
-module Auth::ENV
-  def self.check( username, password, config, user )
+module SSO::ENV
+  def self.check( params, config_item )
 
     # try to find user based on login
     if ENV['REMOTE_USER']
diff --git a/lib/sso/otrs.rb b/lib/sso/otrs.rb
new file mode 100644
index 000000000..349ab47cf
--- /dev/null
+++ b/lib/sso/otrs.rb
@@ -0,0 +1,19 @@
+module SSO
+end
+module SSO::OTRS
+  def self.check( params, config_item )
+
+    endpoint = Setting.get('import_otrs_endpoint')
+    return false if !endpoint || endpoint.empty? || endpoint == 'http://otrs_host/otrs'
+    return false if !params['SessionID']
+
+    # connect to OTRS
+    result = Import::OTRS.session( params['SessionID'] )
+    return false if !result
+
+    user = User.where( :login => result['UserLogin'], :active => true ).first
+    return user if user
+
+    return false
+  end
+end
\ No newline at end of file