Cosign Authentication

Hi I am new here so I hope that this is the right place to ask this.

I am wondering if there is anyone working on a single sign on solution using cosign. We use cosign to log in to our CMS and the powers that be would like me to add this functionality to our phplist install.

I don’t see any hooks in the defaultplugins.php code for admin authentication. Am i missing something? How hard would it be to hook into the current admin login page and reroute the admin user to a cosign authentication?

thanks for any advice in advance. :smiley:

See this section in the config.php file regarding the possibility of defining your own authentication:

# admin authentication module.
# to validate the login for an administrator, you can define your own authentication module
# this is not finished yet, so don't use it unless you're happy to play around with it
# if you have modules to contribute, open a tracker issue at
# the default module is, which you can find in the "auth" subdirectory of the
# admin directory. It will tell you the functions that need to be defined for phplist to
# retrieve it's information.
# phplist will look for a file in that directory, or you can enter the full path to the file

That’s great! thanks @duncanc. Has anyone had any luck with cosign authentication specifically?

1 Like

I’m not aware of any additions to phplist in this way.

But looking at how the authentication works, I’m not sure that it is going to do what you need. All it seems to do is let you have custom validation of the entered id and password. So you could validate those in a different database, but it is not possible to reroute to a different application to prompt for credentials.

1 Like

Looks like this issue has been asked about before, without resolve as well.

Thanks for looking into this.


This is now working thanks to your code!
I am not sure where you are going to host the code, but not every SSO uses the same log out process…
I would suggest that a settings field for logout link in the plugin would be helpful.

I am going to study more on how to hook into phplist and maybe I will be able to provide that functionality.


I was able to create the setting that allows an admin to plug in the logout url into the settings section of phplist.
You can grab that code from me if you want it for your repo or let me know what you want me to do.


This now exists here:

What a great community! Thanks everyone for your help getting this up and running.

Hi Brad, Thanks for putting this together! Dan

1 Like

No problem! I can’t take full credit, this was mostly duncan’s code, I really just added the logout function and the setting for the service URL. It does make more sense for me to maintain it though, since I have the cosign service running on my servers.

Hey, if anyone wants to write a blog about this, that would be super awesome :slight_smile: