Closed fichtner closed 8 years ago
@gitdevmod ok, hotplug is in. you need to extend your connector a bit to use it with this change.
for reference https://github.com/opnsense/core/commit/59f43c120e96c17040912e1052421532864b4a53 moves the voucher metadata to the connector. https://github.com/opnsense/core/commit/ca664c091e8e1b1908e97f05aff304f58d9d2755 sets up totp.
see https://github.com/opnsense/core/blob/ca664c091e8e1b1908e97f05aff304f58d9d2755/src/opnsense/mvc/app/library/OPNsense/Auth/LocalTOTP.php#L56-L72 for how to define the unique type and description of the connector.
@AdSchellevis thanks for your work on this. I tried this SSOProxyAD.php: I can see this type in auth_servers.php and the server in the proxy authentication settings, but OPNsense.proxy.forward.authentication.method in the squid.conf template always displays the name instead of the type. By the way, can I add SSOProxyAD.php inside my plugin?
@gitdevmod yes, that can be part of the plugin now
SASL parts are done, I'll enable them in 16.7.2 as we need more time for testing LDAP then.
The Name is used to look up the type internally. Ideally you don't have to know about it, or do you not find a way to return the value to check if you need to run?
Cheers, Franco
@fichtner I need the type to enable the correct configuration in the squid.conf template; I do not know how to look up the type with the name.
Thanks
@gitdevmod once you get your object from the factory, it should be accessible via $obj->getType(), but you seem to be needing it from the template which is not code... errr @AdSchellevis, any idea? It may be part / problem of the code flow as the logic for the authenticator is executed later, not in the authenticator itself.
I'm not sure what we're looking for here, if the type determines the template to generate, you may have to traverse the config and search for the name to retrieve the type. For an example of how to traverse the config in a template you could look at this https://github.com/opnsense/core/blob/master/src/opnsense/service/templates/OPNsense/IPFW/ipfw.conf#L7
When using the authenticator from the php factory, you can call the static ::getType, example:
```php
$authFactory = new OPNsense\Auth\AuthenticationFactory;
$authenticator = $authFactory->get("radius_test");
echo $authenticator::getType();
```
Ok thanks, this code works. What do you think?
```jinja
{% if helpers.exists('system.authserver') %}
{%   for server in helpers.toList('system.authserver') %}
{{ server.name }}
{{ OPNsense.proxy.forward.authentication.method }}
{%     if server.name == OPNsense.proxy.forward.authentication.method %}
{%       if server.type == "ssoproxyad" %}
ssoproxyad code here
{%       endif %}
{%     endif %}
{%   endfor %}
{% endif %}
```
@gitdevmod the loop should work, not sure why you print the name, but that's probably for debugging.
Indeed it was for debugging :)
As discussed on IRC with @gitdevmod who requires this for his proxy Single-Sign-On plugin.