Redevelop alternative login methods in v2

[jmontoyaa]

The file local.inc.php is not used anymore in V2, instead we use EventListeners and the security symfony component to login the user.

I think we should remove all that code and lately integrate different kind of login methods.
Right now we have this in V1, not sure if all of them are working in 1.11.x

Folder main/auth

V1	V2
conditional_login	deleted
key	deleted
CAS	https://github.com/BeSimple/BeSimpleSsoAuthBundle https://github.com/l3-team/CasBundle https://github.com/PRayno/CasAuthBundle
external_login	https://github.com/hwi/HWIOAuthBundle
ldap	https://symfony.com/doc/current/components/ldap.html https://symfony.com/doc/current/security/ldap.html
openid	deleted replaced with https://github.com/hwi/HWIOAuthBundle
shibboleth	http://activelamp.com/blog/development/shibboleth-authentication-in-symfony/
sso	could be replaced with https://github.com/hwi/HWIOAuthBundle

What to do? We want all of them in v2?

[ywarnier]

cas => ??

Should be working. As far as I know @baelmyhu is using that.

conditional_login => ??

I'm not sure this is still used. It was used by CBlue, which does not use Chamilo a lot anymore.

external_login https://github.com/hwi/HWIOAuthBundle

The externa_login is used for several things, including, I think, the SSO mechanisms (also referenced below) that point to main/auth/sso/. This is used, between other things, by the Drupal plugin, but we also have a few users with custom SSO implementations. The current behaviour should be maintained or we should make very clear that it doesn't work anymore and write a documentation about how to make it work with the new authentication API.

key => ??

Not sure what that is.

ldap => could be replaced with https://symfony.com/doc/current/components/ldap.html

Whatever we do, we have several big customers using that, so we should provide a clear documentation on how to switch from what we currently have to something new.

openid -> could be replaced with https://github.com/hwi/HWIOAuthBundle

Yes. I don't think anyone really uses it in a critical way and the hope is that implementing it will make it much easier to enable and use.

shibboleth => ??

This is used by Unige.ch. We should communicate with them. I don't think anyone else uses it apart from them, but Shibboleth is popular in the academic sector, so we should maintain a possibility to connect with it. This being said, I think it is strongly linked to CAS, mentioned above (like a subset of CAS or something like that), so we should maybe unite those two in the code.

sso -> could be replaced with https://github.com/hwi/HWIOAuthBundle

Mentioned in one of my comments above. We need either to transfer the functionality that we offer now, or write a very good documentation on how to do it.

In my opinion, you could start with OpenID and/or OAuth2.0, thinking about including the others, then write a documentation on how to extend the mechanism and then we will look at them one by one.
I just don't know what the "key" and "conditional_login" are anymore, but I think there are some references to conditional_login in Chamilo's code. For me, these 2 are the only ones that can be forgotten in the move to 2.0.

[AngelFQC]

conditional_login

Conditional login is used in 1.11.x by the new version of Whispeak plugin when implementing 2FA login.

[ywarnier]

Other methods than the normal Chamilo login have to be re-implemented in v2 using the Symfony bundles

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[jmontoyaa]

The login process is handled by Symfony using our User entity as a backend.
In order to add different authentification methods we should use https://github.com/knpuniversity/oauth2-client-bundle or another alternative that we can hook to Symfony.

[christianbeeznest]

The bundle oauth2-client-bundle is added in chamilo 2 master for alternative login using oauth , https://github.com/knpuniversity/oauth2-client-bundle