edgardmessias / glpi-singlesignon

GNU General Public License v3.0

User is not authorized to connect in GLPI #1

Closed itmicus closed 5 years ago

itmicus commented 5 years ago

GLPI 9.4.3, latest version of glpi-singlesignon

I have created a Facebook provider. After trying to log in, I get the message "User is not authorized to connect in GLPI".

I tried adding another provider, Office 365, as generic, and I get the same error.

In GLPI config: Automatically add users from an external authentication source - Yes

Can I create the user in GLPI before using SSO, or will the user be created automatically?

edgardmessias commented 5 years ago

In the current version, you need to create the user first.

itmicus commented 5 years ago

What attribute does the user need?

Best regards, Павел Кузнецов



edgardmessias commented 5 years ago

Look at inc/provider.class.php#L836: it first tries to find the user by e-mail, then by username.

itmicus commented 5 years ago

ok, I did it - SSO with Office 365.

  1. You need an Office 365 subscription. Open https://portal.azure.com and sign in as a global administrator. Go to Azure Active Directory -> App registrations. Choose New registration and enter a Name and a Redirect URI like

    https://localhost/plugins/singlesignon/front/callback.php/provider/id_provider_Office365

     id_provider_Office365 is the ID of the SSO item; you can get it after step 3. Go to Secrets and certificates, New client secret. Enter a Name and get the Secret.

  2. In the plugin code, at inc/provider.class.php#L853, add 'mail':

    $email_fields = ['mail', 'email', 'e-mail', 'email-address'];

  3. Create a generic SSO:

     - Name: Office 365
     - Client ID: <Application (client) ID>
     - Client Secret :
     - Scope: https://graph.microsoft.com/user.read offline_access
     - Authorize URL: <Endpoint Oauth 2.0 Authorize endpoint>
     - Access Token URL: <Endpoint Oauth 2.0 token endpoint>
     - Resource Owner Details URL: https://graph.microsoft.com/v1.0/me

  4. Create the user with an Email.
  5. Done!

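The lookup order described in this thread (e-mail first, then username, against an account that already exists), as an added example that is not part of the thread and not code from glpi-singlesignon. It shows why a Microsoft Graph profile, which carries the address under `mail`, only matches once `'mail'` is in the field list; the function names, the login field list and the sample data are assumptions.

```php
<?php
// Added illustration; not the plugin's code. All function names are hypothetical.

// Return the first non-empty string claim among the candidate keys, lowercased, or null.
function firstClaim(array $details, array $keys): ?string {
    foreach ($keys as $key) {
        if (isset($details[$key]) && is_string($details[$key]) && trim($details[$key]) !== '') {
            return strtolower(trim($details[$key]));
        }
    }
    return null;
}

// Match a pre-created account: e-mail first, then username.
// No match means no login; nothing is created on the fly.
function resolveLocalUser(array $details, array $emailFields, array $loginFields, array $users): ?array {
    $candidates = [
        'email' => firstClaim($details, $emailFields),
        'name'  => firstClaim($details, $loginFields),
    ];
    foreach ($candidates as $column => $value) {
        if ($value === null) {
            continue; // never match on a missing or empty claim
        }
        foreach ($users as $user) {
            if (strtolower($user[$column]) === $value) {
                return $user;
            }
        }
    }
    return null; // caller would report "User is not authorized to connect in GLPI"
}

// Constructed sample shaped like a Microsoft Graph /v1.0/me response.
$graphMe = json_decode('{"id":"00000000-0000-0000-0000-000000000000",
  "displayName":"Sample User","mail":"sample.user@example.com",
  "userPrincipalName":"sample.user@example.onmicrosoft.com"}', true);

// Constructed local accounts, created in advance as the thread requires.
$users = [['id' => 7, 'name' => 'suser', 'email' => 'sample.user@example.com']];

$loginFields   = ['login', 'username'];                      // assumed list
$withoutMail   = ['email', 'e-mail', 'email-address'];
$withMail      = ['mail', 'email', 'e-mail', 'email-address']; // line from the comment above

var_dump(resolveLocalUser($graphMe, $withoutMail, $loginFields, $users));
var_dump(resolveLocalUser($graphMe, $withMail, $loginFields, $users));
```
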
titansmc commented 1 year ago

Hi, is it still the case that I need to create a user myself? I have configured Keycloak