SSO
Single Sign On module for Altis.
Integrate your own user account registry with Altis through SAML or provide a Single Sign On service directly from the platform.
Altis SSO Module
Home Page: https://www.altis-dxp.com/resources/docs/sso/
We would provide this using https://github.com/clifgriffin/simple-ldap-login
composer.json
and request the maintainer to publish it on packagist.
For further details on SAML 2.0, see the wp-simple-sample plugin details.
Should be wp-simple-saml instead.
Each environment (i.e. dev/staging/prod) requires a separate IdP metadata file, but these all need to go into the same repo. Therefore the SSO config needs to allow a different IdP file name or path to be specified for each environment that the user sets up.
Currently we don't have a tagged version, as the upstream tags versions from the master branch. See https://github.com/humanmade/wp-simple-saml/releases
When migrating one of the projects to Altis we came across an error in the SSO module, particularly from the SAML library.
The response was received at https://domain.com:8080/sso/verify instead of https://domain.com/sso/verify
My assumption was that, due to some Docker networking, the SAML library was reading the port number incorrectly: it was reading it as 8080 but it was expected to be 443 (or 80).
To fix this we simply had to set the port to 443 explicitly from the loader -
// Set server port to 443 for SAML.
if ( class_exists( '\\OneLogin\\Saml2\\Utils' ) ) {
\OneLogin\Saml2\Utils::setSelfPort( '443' );
}
This issue was also reproduced locally using local testing method mentioned in the wiki here - https://github.com/humanmade/wp-simple-saml/wiki/Testing-SSO-locally
I had to change the default port numbers to set it up locally as port 8080 is also used by Altis local-server
(Note: while debugging we first disabled the Altis SSO module to find out whether the problem was in any customizations in this module, but the issue still persisted, so I believe the issue will also be there when using the Altis SSO module, as that also uses the same plugin under the hood.)
There's at least 1 new release: 1.0.1.
Some of the custom URLs needed for SSO support are blocked by require login; these should be allowed out of the box using the apply_filters( 'hm-require-login.allowed_pages', $allowed, $page ); filter.
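One way to let only the SSO endpoints through hm-require-login via the filter named above, as an added example that is not code from the altis-sso or hm-require-login projects. It assumes the filter receives an array of allowed page identifiers as $allowed and the current request's identifier as $page, and that the plugin checks $page against the returned array; the paths /sso/verify and /sso/metadata are the ones mentioned on this page.

```php
<?php
/**
 * Added example, not part of altis-sso or hm-require-login.
 *
 * Assumptions: hm-require-login passes an array of allowed page identifiers
 * as $allowed and the identifier of the current request as $page, then checks
 * whether $page is in the returned array. Only the exact SSO endpoints are
 * allowed, never a whole path prefix, so every other route stays behind the
 * login wall.
 */

// SSO endpoints that must be reachable without a session: the IdP posts the
// SAML response to /sso/verify, and /sso/metadata serves the SP metadata.
const ALTIS_SSO_PUBLIC_PATHS = [ '/sso/verify', '/sso/metadata' ];

/**
 * Return true when the request path is exactly one of the public SSO paths.
 */
function altis_sso_is_public_path( string $request_uri ) : bool {
	// Drop the query string (e.g. SAMLResponse=...) and any trailing slash
	// before comparing, so only the path itself is matched.
	$path = (string) parse_url( $request_uri, PHP_URL_PATH );
	$path = rtrim( $path, '/' );
	return in_array( $path, ALTIS_SSO_PUBLIC_PATHS, true );
}

/**
 * Filter callback: add the current page identifier to the allowed list only
 * when the request targets one of the public SSO paths.
 */
function altis_sso_allow_pages( array $allowed, $page ) : array {
	$request_uri = $_SERVER['REQUEST_URI'] ?? '';
	if ( altis_sso_is_public_path( $request_uri ) && ! in_array( $page, $allowed, true ) ) {
		$allowed[] = $page;
	}
	return $allowed;
}

add_filter( 'hm-require-login.allowed_pages', 'altis_sso_allow_pages', 10, 2 );
```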
Per https://www.altis-dxp.com/resources/docs/getting-started/configuration/ the directory we use for config is .config.
The path on this line needs correcting https://github.com/humanmade/altis-sso/blob/master/inc/saml/namespace.php#L34
Acceptance criteria:
saml-idp-metadata.xml in the .config/sso directory causes
The module expects a config file to exist, and falls back to the default file in .sso/config from the skeleton project, which doesn't necessarily exist on all installations.
Steps to reproduce:
.config/sso/saml-idp-metadata.xml file
https://site/sso/metadata
You should see the SP metadata XML file generated, but right now it errors out with "Invalid SSO settings. Contact your administrator."
The solution would be to move the default file to the module directory to ensure it always exists, and load it from there, and remove it from the skeleton project.
Related to support request: https://humanmade.zendesk.com/agent/tickets/5673
We should consider supporting OpenID Connect (OIDC), both for inbound and outbound.
Context
The SSO module documentation doesn't mention how to generate the service metadata file, which is often needed to set up the IdP provider settings as per the wp-simple-saml plugin documentation.
We also need to add a note that IdP providers typically require a different application to be created on their end for each environment, e.g. a metadata file generated for the dev environment cannot be used for the prod environment, etc.
This ticket addresses the issues raised by the documentation linting
composer dev-tools lintdocs all -l packages/sso
File Issues:
None
Markdown issues:
Linting: 3 file(s)
Summary: 58 error(s)
Style issues:
9 errors, 0 warnings and 0 suggestions in 3 files.
Placeholder: looking at commonalities between SSO implementations to reduce duplication of effort