Cosign Authentication

bradallenfisher · June 17, 2015, 12:51pm

Hi I am new here so I hope that this is the right place to ask this.

I am wondering if there is anyone working on a single sign on solution using cosign. We use cosign to log in to our CMS and the powers that be would like me to add this functionality to our phplist install.

I don’t see any hooks in the defaultplugins.php code for admin authentication. Am i missing something? How hard would it be to hook into the current admin login page and reroute the admin user to a cosign authentication?

thanks for any advice in advance.

duncanc · June 17, 2015, 1:15pm

See this section in the config.php file regarding the possibility of defining your own authentication:

# admin authentication module.
# to validate the login for an administrator, you can define your own authentication module
# this is not finished yet, so don't use it unless you're happy to play around with it
# if you have modules to contribute, open a tracker issue at http://mantis.phplist.com
# the default module is phplist_auth.inc, which you can find in the "auth" subdirectory of the
# admin directory. It will tell you the functions that need to be defined for phplist to
# retrieve it's information.
# phplist will look for a file in that directory, or you can enter the full path to the file

bradallenfisher · June 17, 2015, 2:00pm

That’s great! thanks @duncanc. Has anyone had any luck with cosign authentication specifically?

duncanc · June 17, 2015, 3:33pm

I’m not aware of any additions to phplist in this way.

But looking at how the authentication works, I’m not sure that it is going to do what you need. All it seems to do is let you have custom validation of the entered id and password. So you could validate those in a different database, but it is not possible to reroute to a different application to prompt for credentials.

bradallenfisher · June 18, 2015, 12:59pm

Looks like this issue has been asked about before, without resolve as well.
https://forums.phplist.com/viewtopic.php?f=10&t=38080

Thanks for looking into this.

bradallenfisher · June 19, 2015, 5:09pm

@duncanc,

This is now working thanks to your code!
I am not sure where you are going to host the code, but not every SSO uses the same log out process…
I would suggest that a settings field for logout link in the plugin would be helpful.

I am going to study more on how to hook into phplist and maybe I will be able to provide that functionality.

Thanks!

bradallenfisher · June 19, 2015, 6:06pm

I was able to create the setting that allows an admin to plug in the logout url into the settings section of phplist.
You can grab that code from me if you want it for your repo or let me know what you want me to do.

Thanks.

bradallenfisher · June 20, 2015, 8:00am

This now exists here: https://resources.phplist.com/plugin/cosign

What a great community! Thanks everyone for your help getting this up and running.

danwaterloo · June 20, 2015, 11:19am

Hi Brad, Thanks for putting this together! Dan

bradallenfisher · June 21, 2015, 12:49pm

No problem! I can’t take full credit, this was mostly duncan’s code, I really just added the logout function and the setting for the service URL. It does make more sense for me to maintain it though, since I have the cosign service running on my servers.

anna · June 22, 2015, 11:15am

Hey, if anyone wants to write a blog about this, that would be super awesome

A
x