Any chance to add (contribute with) a "simple external login" (no cas, no oauth /openid)?

[jaanusnurmoja]

I am trying to create a new authentication feature - authentication against own external authenticator which is not of such specific kind like cas or oauth and may not require any access token. Would it be possible to add such additional plugin? I would try to contribute with this if I got good hints what to do (what to preserve, what to omit/change compared to the cas login plugin).

In my case it would be authentication against a dedicated subdomain or directory using id card, then after succesful authentication auto login to Joomla site (and auto registration before it if the user doesn't exist yet).

The authenticator first prompts for pin code and after succesful authentication outputs id card owner's data in json format, like this {"firstname":"JAANUS","lastname":"NURMOJA","pno":"PNOEE-36706230000","idcode":"36706230000","email":"36706230000@eesti.ee","country":"EE"} which would then be json_decoded and mapped to Joomla user fields. Then (auto registration and) auto login.

Maybe it woulld be good idea to consider any kind of fully custom plugin - in settings, the admin would set not only the url but also let's say choose the format of ext login output (json, xml, raw etc), does it require client id / client secret, which output field corresponds to which user field and so on.

Thanks in advance!

[akunzai]

Hi @jaanusnurmoja,

Have you take a look the WebAuthn?

A passwordless login method that built-in since Joomla! 5

[jaanusnurmoja]

Hi @jaanusnurmoja,

Have you take a look the WebAuthn?

A passwordless login method that built-in since Joomla! 5

Yes, but not sure if this one would satisfy me.

[akunzai]

@jaanusnurmoja, You should try WebAuthn to register authenticators.

This extension is focus on external authentication standards like CAS/OAuth/OIDC/SAML/Ws-Fed.

[jaanusnurmoja]

@akunzai and that's the reason why it is probably not good enough because in my case such standards are not needed (of course I can "emulate" any of them but will it make sense?) and this is very bad:

Only questions for me are

• best way to make request against https://id.mydomain.ee or https://mydomain.ee/mysite/id (it should trigger the pin 1 prompt like in the picture, at least with xhr.open() it's possible)
• how to get the response data into Joomla code and use it to (autoregister and) log user in
• maybe also "will it be better idea to use $_SESSION variables created in authenticator and pass them back to the Joomla site using header(Location: "my-callback-url") - in this case, nothing else more is needed but &redirect_uri=[my urlencoded current url or maybe com_ajax url] at the end of the authenticator url and adding the mentioned header to the index.php of my authenticator.

[jaanusnurmoja]

@akunzai - but what if I try to "emulate" the CAS server response, that means instead of echo json_encode($myDataFromSSLvariables), I give another kind of output to my endpoint's index.php? Unfortunately, I don't know how does it exactly look like, the CAS response.

[akunzai]

@jaanusnurmoja It is important to make it clear that this extension focuses on external authentication standards such as CAS/OAuth/OIDC/SAML/WS-Fed. Currently, we will not accept any other authentication methods.