New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[studio] Support SAML2 authentication via mod_mellon (i.e. HTTP headers) #1645

Closed
sumerjabri opened this Issue Nov 28, 2017 · 5 comments

Comments

@sumerjabri
Member

sumerjabri commented Nov 28, 2017

Per our conversation, please support headers-based authentication.

Please add the configuration items (feel free to rename/add/remove and then discuss with me):

studio.authentication.headers.enabled=false
studio.authentication.headers.secureKeyHeaderName={some key you expect}
studio.authentication.headers.secureKeyHeaderValue={some key you expect}
studio.authentication.headers.username={username header pattern}
studio.authentication.headers.firstName=
studio.authentication.headers.lastName=
studio.authentication.headers.email=
studio.authentication.headers.groups={comma-separated list of groups}

This precedes LDAP in the chain (headers, LDAP, DB).

Ping to review when ready.

@dejan-brkic

This comment has been minimized.

Show comment
Hide comment
@dejan-brkic
Member

dejan-brkic commented Dec 11, 2017

@dejan-brkic dejan-brkic moved this from In Progress to Test & Validate in Crafter CMS v3.0.x Dec 11, 2017

@sumerjabri sumerjabri assigned alhambrav and unassigned sumerjabri Dec 18, 2017

@sumerjabri

This comment has been minimized.

Show comment
Hide comment
@sumerjabri

sumerjabri Dec 18, 2017

Member

@alhambrav please validate. You can use a Chrome plugin that sets headers and see how well that works.

Member

sumerjabri commented Dec 18, 2017

@alhambrav please validate. You can use a Chrome plugin that sets headers and see how well that works.

@alhambrav alhambrav assigned dejan-brkic and unassigned alhambrav Jan 3, 2018

@alhambrav alhambrav moved this from Test & Validate to Backlog in Crafter CMS v3.0.x Jan 3, 2018

@dejan-brkic dejan-brkic moved this from Backlog to In Progress in Crafter CMS v3.0.x Jan 3, 2018

@dejan-brkic

This comment has been minimized.

Show comment
Hide comment
@dejan-brkic

dejan-brkic Jan 3, 2018

Member

Done
PR:
craftercms/studio#1000

Configuration:

studio.security.type: headers
# Authentication via headers enabled
studio.authentication.headers.enabled: true
# Authentication header for secure key
studio.authentication.headers.secureKeyHeaderName: secure_key
# Authentication headers secure key that is expected to match secure key value from headers
# Typically this is placed in the header by the authentication agent, e.g. Apache mod_mellon
studio.authentication.headers.secureKeyHeaderValue: secure
# Authentication header for username
studio.authentication.headers.username: username
# Authentication header for first name
studio.authentication.headers.firstName: firstname
# Authentication header for last name
studio.authentication.headers.lastName: lastname
# Authentication header for email
studio.authentication.headers.email: email
# Authentication header for groups: comma separated list of sites and groups
#   Example:
#   craftercms1645,Author,anothersite,Author
studio.authentication.headers.groups: groups
Member

dejan-brkic commented Jan 3, 2018

Done
PR:
craftercms/studio#1000

Configuration:

studio.security.type: headers
# Authentication via headers enabled
studio.authentication.headers.enabled: true
# Authentication header for secure key
studio.authentication.headers.secureKeyHeaderName: secure_key
# Authentication headers secure key that is expected to match secure key value from headers
# Typically this is placed in the header by the authentication agent, e.g. Apache mod_mellon
studio.authentication.headers.secureKeyHeaderValue: secure
# Authentication header for username
studio.authentication.headers.username: username
# Authentication header for first name
studio.authentication.headers.firstName: firstname
# Authentication header for last name
studio.authentication.headers.lastName: lastname
# Authentication header for email
studio.authentication.headers.email: email
# Authentication header for groups: comma separated list of sites and groups
#   Example:
#   craftercms1645,Author,anothersite,Author
studio.authentication.headers.groups: groups
@sumerjabri

This comment has been minimized.

Show comment
Hide comment
@sumerjabri

sumerjabri Jan 12, 2018

Member

@alhambrav please validate :)

Member

sumerjabri commented Jan 12, 2018

@alhambrav please validate :)

@alhambrav

This comment has been minimized.

Show comment
Hide comment
@alhambrav

alhambrav Jan 12, 2018

Member

Verified.

Member

alhambrav commented Jan 12, 2018

Verified.

@alhambrav alhambrav closed this Jan 12, 2018

Crafter CMS v3.0.x automation moved this from Test & Validate to Completed Jan 12, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment