Comments (3)
Hi @SimonBin,
the login code needs a bit of love and refactoring. We have an issue in our backlog, which is addressing this issue.
I guess for now, you should go with LDAP, and wait until we have some time to refactor SSO.
from openitcockpit.
Hi @nook24, thanks for the answer. If I fix this part of the code, the SSO seems to work. The attribute mapping might need to be more flexible though.
Here is the patch I made to oauth2client so it works with our install of simplesamlphp:
mail is an array of mails ->
optionally forward other attributes returned by simpleSamlPHP in the attributes dictionary ->
(the exact data you get depends on the oauth endpoint... I would prefer to match by useraccount instead of mail, since mail can be changed in our ldap)
diff --git a/app/Model/Oauth2client.php b/app/Model/Oauth2client.php
index 2dcde9e..7d96dfd 100644
--- a/app/Model/Oauth2client.php
+++ b/app/Model/Oauth2client.php
@@ -75,7 +75,7 @@ class Oauth2client
return ['success' => false, 'message' => 'Can not get user data: '.(ENVIRONMENT === 'production' ? '' : $userDataArr[1])];
}
$userArray = $userDataArr[1]->toArray();
- return ['success' => true, 'email' => $userArray['mail']];
+ return ['success' => true, 'email' => $userArray['mail'][0], 'attributes' => $userArray['attributes']];
}
}
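Review bot: `$userArray['mail'][0]` on the added return line is read without checking that `mail` exists and is a non-empty array. If the endpoint returns a plain string, PHP indexes into it and the login email becomes its first character; if the key is missing or the array is empty, `email` is null while `success` is still true. Normalize the value first (accept both a string and an array, reject empty) and return `'success' => false` when no address is available. The same applies to `$userArray['attributes']`, which should fall back to an empty array when the key is absent, and the hunk gives no indication of which attributes the caller is expected to consume, so a short comment on that would help.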
And here is the main fix. As I said above, I have no idea what the code is supposed to do, but simply commenting out the offending rewrite makes it work:
diff --git a/app/Vendor/Oauth2/league/oauth2-client/src/Provider/AbstractProvider.php b/app/Vendor/Oauth2/league/oauth2-client/src/Provider/AbstractProvider.php
index 27d8c87..b3181fd 100644
--- a/app/Vendor/Oauth2/league/oauth2-client/src/Provider/AbstractProvider.php
+++ b/app/Vendor/Oauth2/league/oauth2-client/src/Provider/AbstractProvider.php
@@ -632,18 +632,18 @@ abstract class AbstractProvider
protected function sendRequest(RequestInterface $request)
{
try {
- if(!empty($this->code) && empty($this->accessToken)){
- $response = $this->getHttpClient()->request('POST', $this->tokenEndpoint.'?grant_type=authorization_code&code='.$this->code.
- '&redirect_uri='.$this->redirectUri.
- '&client_id='.$this->clientId.
- '&client_secret='.$this->clientSecret);
- }elseif(!empty($this->accessToken)){
- $response = $this->getHttpClient()->request('POST', $this->userEndpoint.'?client_id='.$this->clientId.
- '&client_secret='.$this->clientSecret.
- '&access_token='.$this->accessToken);
- }else{
+# if(!empty($this->code) && empty($this->accessToken)){
+# $response = $this->getHttpClient()->request('POST', $this->tokenEndpoint.'?grant_type=authorization_code&code='.$this->code.
+# '&redirect_uri='.$this->redirectUri.
+# '&client_id='.$this->clientId.
+# '&client_secret='.$this->clientSecret);
+# }elseif(!empty($this->accessToken)){
+# $response = $this->getHttpClient()->request('POST', $this->userEndpoint.'?client_id='.$this->clientId.
+# '&client_secret='.$this->clientSecret.
+# '&access_token='.$this->accessToken);
+# }else{
$response = $this->getHttpClient()->send($request);
- }
+# }
} catch (BadResponseException $e) {
$errorMessage = str_replace($this->clientId, '***', $e->getMessage());
$errorMessage = str_replace($this->clientSecret, '***', $errorMessage);
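Review bot: the two branches in `sendRequest()` should be deleted rather than left behind as `#`-commented lines. They build POST URLs that carry `client_secret`, `code` and `access_token` in the query string, and keeping them in the file invites someone to re-enable them later; with them gone, the `try` block reduces to the single `$response = $this->getHttpClient()->send($request);` line. Note also that the file lives under `app/Vendor/Oauth2/league/oauth2-client/`, so a local edit here will be overwritten when the vendored library is updated; the change needs to be tracked as a deliberate patch to the vendored copy or moved into the application's own provider class. The unchanged `catch` block below masks only `clientId` and `clientSecret` in the error message, which is worth extending to the code and token if they can still appear in exception text.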
from openitcockpit.
Hi @SimonBin,
the SSO implementation got rewritten from scratch with openITCOCKPIT 4. Have you already had a chance to test this out?
from openitcockpit.