SimpleSamlphp authentication with Vtiger
304 views
Skip to first unread message
Hafedh Debbabi
Jul 25, 2015, 11:28:23 AM7/25/15
to simpleSAMLphp
How to integrate saml authentication with Vtiger CRM ?
https://simplesamlphp.org/docs/stable/simplesamlphp-sp#section_6
Peter Schober
Jul 27, 2015, 5:12:38 AM7/27/15
to simpleSAMLphp
* Hafedh Debbabi <debbabi...@gmail.com> [2015-07-25 17:28]:
files will need some integration work, with more mature and complex
projects likely in the form of an extension or module of plugin.
In such an extension you'd have to use the application's API (Vtiger's
in this case) to manage and persist accounts and sessions, and use
SimplesAMLphp's API to initiate and process SAML.
-peter
> How to integrate saml authentication with Vtiger CRM ?
Any application that consists of more than a handful of simple PHP
files will need some integration work, with more mature and complex
projects likely in the form of an extension or module of plugin.
In such an extension you'd have to use the application's API (Vtiger's
in this case) to manage and persist accounts and sessions, and use
SimplesAMLphp's API to initiate and process SAML.
-peter
Jason Haar
Jul 29, 2015, 12:56:06 AM7/29/15
to simple...@googlegroups.com
On 27/07/15 21:14, Peter Schober wrote:
> Any application that consists of more than a handful of simple PHP
> files will need some integration work
...or if you can find a way of making vtiger "outsource" authentication
> Any application that consists of more than a handful of simple PHP
> files will need some integration work
to apache (normally called a "Basic auth" plugin or the like), then you
can simply use mod_auth_mellon to "do" the SAML bits and just put the
entire application behind that. I've done this with mediawiki - works
great :-)
--
Cheers
Jason Haar
Corporate Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
Peter Schober
Jul 29, 2015, 3:19:40 AM7/29/15
to simple...@googlegroups.com
* Jason Haar <Jason...@trimble.com> [2015-07-29 06:56]:
or even ways to use the same application: E.g. most MediaWikis I
SAMLified needed to be accessible for anonymous/unauthenticated
reading and only required authentication for write access.
While it's certainly possible to combine that with SAML
implementations that work in the web server (no doubt my preferred
way, using the Shibboleth SP, as this keeps the application and
middleware/SAML code seperate, making changed APIs on either side a
non-issue) that will often need integration work, too.
E.g. for MediaWiki there's the "Shibboleth" extension (which should be
usable with mod_mellon just fine) integrating web server-provided
attributes with the MediaWiki subject API, so keep the application's
full functionality.
Seems others asked about this for vtiger, too, with no reply in 9 years:
https://discussions.vtiger.com/index.php?p=/discussion/5728/authenticate-to-vtiger-with-http-basic-authentication/p1
-peter
> On 27/07/15 21:14, Peter Schober wrote:
> > Any application that consists of more than a handful of simple PHP
> > files will need some integration work
>
> ...or if you can find a way of making vtiger "outsource" authentication
> to apache (normally called a "Basic auth" plugin or the like), then you
> can simply use mod_auth_mellon to "do" the SAML bits and just put the
> entire application behind that. I've done this with mediawiki - works
> great :-)
ACK. There are different approaches and many different applications,
> > Any application that consists of more than a handful of simple PHP
> > files will need some integration work
>
> ...or if you can find a way of making vtiger "outsource" authentication
> to apache (normally called a "Basic auth" plugin or the like), then you
> can simply use mod_auth_mellon to "do" the SAML bits and just put the
> entire application behind that. I've done this with mediawiki - works
> great :-)
or even ways to use the same application: E.g. most MediaWikis I
SAMLified needed to be accessible for anonymous/unauthenticated
reading and only required authentication for write access.
While it's certainly possible to combine that with SAML
implementations that work in the web server (no doubt my preferred
way, using the Shibboleth SP, as this keeps the application and
middleware/SAML code seperate, making changed APIs on either side a
non-issue) that will often need integration work, too.
E.g. for MediaWiki there's the "Shibboleth" extension (which should be
usable with mod_mellon just fine) integrating web server-provided
attributes with the MediaWiki subject API, so keep the application's
full functionality.
Seems others asked about this for vtiger, too, with no reply in 9 years:
https://discussions.vtiger.com/index.php?p=/discussion/5728/authenticate-to-vtiger-with-http-basic-authentication/p1
-peter
Reply all
Reply to author
Forward
0 new messages