Add support for authentication through federated identity providers

[NicolasCARPi]

Add LDAP support.

[sulian]

👍

[gecgooden]

Has there been any progress on this feature?
If not, could you suggest where I should look to so I can start working on it? I assume it'd be best to add the logic to app/classes/Auth.php?

[NicolasCARPi]

Hello,

There hasn't been any progress yet. Indeed Auth would be a good place to start. The checkCredentials() method should probably be the one to modify to access an LDAP server.

[gecgooden]

Cool, I'll have a look at that soon. Thanks!

[NicolasCARPi]

This can be a good inspiration: https://wordpress.org/plugins/simple-ldap-login/

And this to know how it works: http://www.brennan.id.au/20-Shared_Address_Book_LDAP.html

[kirkog86]

Hi all, any update regarding LDAP support?

[gecgooden]

Unfortunately, I've not had the opportunity to work on it, so no progress has been made.

[kirkog86]

OK. I'll start to work on it. Will update on progress.

[NicolasCARPi]

Leaving this here: https://github.com/Jasig/phpCAS

[NicolasCARPi]

So here is what will happen: there will not be a LDAP integration, but something better: an saml2 mechanism for identity, that can work with identity federations (like edugain, or like the one in your institute). Behind the IDP, it can be LDAP or anything else (probably LDAP anyway), but that doesn't concern elabftw, because of this layer of abstraction :)

I'll begin working on it after releasing the (hopefully) last patch for 1.5 branch. I'm leaving this issue open, but renaming it.

[NicolasCARPi]

The code is written. Now I need to test it in real conditions and also allow flexibility to work with the different attributes used by each organization.