Open men-chris opened 1 year ago
We did not plane to implement SSO authentication based on the REMOTE_USER value, as we didn't know it.
However, we could study this kind of SSO. As I see in my search, REMOTE_USER is not an http header but an environment variable.
Even if it seems "easy" to implement (REMOTE_USER should contains the login), there is not many documentation about this SSO authentication. It will take time to create an environment having such authentication mode, to test the feature.
This works with 3.5 but not 3.6 and i did no test with ldap, You should add some code to autocreate groups if you want to have them from the env
Go here : lizmap/plugins/coord/auth/
<?php
/**
* @package jelix
* @subpackage coord_plugin
*/
class AuthCoordPlugin implements jICoordPlugin {
public $config;
function __construct($conf){
$this->config = $conf;
if (!isset($this->config['session_name'])
|| $this->config['session_name'] == ''){
$this->config['session_name'] = 'JELIX_USER';
}
}
/**
* @param array $params plugin parameters for the current action
* @return null or jSelectorAct if action should change
* @throws jException
*/
public function beforeAction ($params){
$_SESSION[$this->config['session_name']] = new jAuthDummyUser();
$_SESSION[$this->config['session_name']]->login = $_SERVER["HTTP_REMOTE_USER"] ?? 'anonymous';
$_SESSION[$this->config['session_name']]->password = $_SERVER["HTTP_REMOTE_USER"] ?? '!!!!!fake_password!!!!!';
$_SESSION[$this->config['session_name']]->firstname = $_SERVER["HTTP_REMOTE_FIRSTNAME"] ?? 'Ano';
$_SESSION[$this->config['session_name']]->lastname = $_SERVER["HTTP_REMOTE_LASTNAME"] ?? 'Nymous';
jAcl2DbUserGroup::createUser($_SERVER["HTTP_REMOTE_USER"] ?? 'anonymous', true);
}
public function beforeOutput(){}
public function afterProcess (){}
}
Good morning,
Is it planned to implement SSO authentication in a future version of LiZmap? We use a very simple to implement SSO based on the REMOTE_USER HTTP header.
Thank you for your feedback