How to use external Authorization to login to MRBS

[jberanek]

I have an external OAuth that has it's own login page, takes in a username and password (university credentials) and redirects to a page (custom) with details (which I want to use to create users in MRBS), and then login with those credentials to MRBS (Maybe redirect to login page and fill the form automatically to login with the user) Is there another way to do this, ie, use the external auth to login to MRBS. I couldn't understand from the documentation how to implement it

Reported by: *anonymous

Original Ticket: mrbs/support-requests/2749

[jberanek]

I think what you want to do is to authenticate against the OAuth2 server. It is possible to do this but it's a fair amount of work, especially to make it generic.

Original comment by: campbell-m

[jberanek]

I wanted to know what should be the auth settings in mrbs to allow an external OAuth to verify username and password for me. And then mrbs should automatically login once we get cleared from the external OAuth. (I don't have access to the OAuth db, i can just enter username password to a particular site), which then redirects to a page, which we've set to our_domain_name/mrbs/web/checkuser. Which gets access to variables $username , $password, etc.) Now I want to use these credentials to login the user to MRBS. Is this possible? (maybe use this data to send a post request to mrbs login page (web/mrbs/admin.php) to login the user. Then redirect to the MRBS homepage

Original comment by: *anonymous

[jberanek]

It's not a question of settings. It's a question of adding a lot of code (some of which will come from external libraries). As I say, it's a lot of work, though I agree it would be useful.

Original comment by: campbell-m

[jberanek]

I see, so please help me on this. Is there a way to send a post request to localhost/mrbs/web/admin.php (with body containing form data of username and password) to login user (provided the username and password exist in the mrbs_users table/ or assuming the user already exists)

Original comment by: *anonymous

[jberanek]

I see, so please help me on this. Is there a way to send a post request to localhost/mrbs/web/admin.php (with body containing form data of username and password) to login user (provided the username and password exist in the mrbs_users table/ or assuming the user already exists)

Original comment by: *anonymous

[jberanek]

Yes, you can send a POST request. It doesn't have to be sent to admin.php. It can go to any MRBS page, it doesn't really matter where. The parameters you need are

action which should be SetName target_url, the URL to go to on successful logon username password

One thing you will need to do is to disable CSRF token checking by commenting out the line Form::checkToken(); in the method processForm() in lib/MRBS/Session/SessionWithLogin.php.

Original comment by: campbell-m