Auth_Saml - Support Thread

Post plugins and custom CSS snippets here
TSM
Bear Rating Trainee
Bear Rating Trainee
Posts: 13
Joined: 03 Nov 2015, 16:20

Auth_Saml - Support Thread

Postby TSM » 04 Nov 2015, 20:55

I have created a SAML Login auth plugin using onelogin/php-saml library and tested against simplesamlphp IdP.

onelogin/php-saml - https://github.com/onelogin/php-saml
tsmgeek/ttrss-auth-saml - https://github.com/tsmgeek/ttrss-auth-saml

You need to create a settings.php file in the plugin directory, you can find settings on the onelogin/php-saml page.
Currently it uses the userid supplied back in the saml response and not any additional data.
You will need to modify the /includes/login_form.php page to add in the following code below the 'Log in' button as there are no hooks for me to do this currently.

[code]
<?php if (strpos(PLUGINS, "auth_saml") !== FALSE) {
echo PluginHost::getInstance()->get_plugin('auth_saml')->hook_login_button();
}?>
[/code]

User avatar
fox
^ me reading your posts ^
Posts: 6318
Joined: 27 Aug 2005, 22:53
Location: Saint-Petersburg, Russia
Contact:

Re: Auth_Saml - Support Thread

Postby fox » 04 Nov 2015, 21:10

why the need for a hook?

TSM
Bear Rating Trainee
Bear Rating Trainee
Posts: 13
Joined: 03 Nov 2015, 16:20

Re: Auth_Saml - Support Thread

Postby TSM » 04 Nov 2015, 21:17

[quote="fox"]why the need for a hook?

The login button will not post the form without there being data in the username/password.
I could not work out how to put a button next to the login button without a hook so resorted to manually adding the code for the current time.
For SSO purposes the login form itself is not needed, just need to redirect to /backend.php?op=saml&subop=sso, this then starts the redirection to the saml server to check if you are logged in.
It would be useful to have the ability to disable the login form completely via a plugin or replace it but in reality this is not needed for my implementation, the button works fine and lets me still log in with local users such as 'admin'.
Hooks for additional buttons on the login form would make the plugin completely self contained.