Skip to content
/ t3ext-oidc Public
forked from xperseguers/t3ext-oidc

This extension uses OpenID Connect to authenticate users.

0 stars 31 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

gionkoch/t3ext-oidc

BranchesTags
 
 

Repository files navigation

OpenID Connect

This extension lets you authenticate Frontend users against an OpenID Connect server. It is preconfigured to work with the WSO2 Identity Server from the Swiss Alpine Club but may be used with your own identity server as well.

If you are a Swiss Alpine Club section, be sure to get in touch with Bern in order to get your dedicated private key and secret.

Configuring

Mapping Frontend User Fields

  • Configuration is done through TypoScript within plugin.tx_oidc.mapping.fe_users

  • OIDC attributes will be recognized by the specific characters <>:

    email = <mail>

  • You may combine multiple markers as well, e.g.,

    name = <family_name>, <given_name>

  • Support for stdWrap in field definition, e.g.,

    name = <name>
name.wrap = |-OIDC

  • Support for TypoScript "split" (//). This will check multiple field names and return the first one yielding some non-empty value. E.g.,

    username = <sub> // <contact_number> // <emailaddress> // <benutzername>

Mapping Frontend User Groups

  • Create your groups within TYPO3
  • Use the additional pattern to relate it to roles within OpenID Connect
  • Local TYPO3 groups (not related to some role) will be kept upon authenticating
  • Default TYPO3 group(s) as configured in Extension Manager will always be added

Logging

This extension makes use of the Logging system introduced in TYPO3 CMS 6.0. It is far more flexible than the old one writing to the "sys_log" table. Technical details may be found in the TYPO3 Core API.

As an administrator, what you should know is that the TYPO3 Logger forwards log records to "Writers", which persist the log record.

By default, with a vanilla TYPO3 installation, messages are written to the default log file (typo3temp/logs/typo3_*.log).

Dedicated Log File for OpenID Connect

If you want to redirect every logging information from this extension to typo3temp/logs/oidc.log and send log entries with level "WARNING" or above to the system log, you may add following configuration to typo3conf/AdditionalConfiguration.php:

$GLOBALS['TYPO3_CONF_VARS']['LOG']['Causal']['Oidc']['writerConfiguration'] = [
    \TYPO3\CMS\Core\Log\LogLevel::DEBUG => [
        \TYPO3\CMS\Core\Log\Writer\FileWriter::class => [
            'logFile' => 'typo3temp/logs/oidc.log'
        ],
    ],

    // Configuration for WARNING severity, including all
    // levels with higher severity (ERROR, CRITICAL, EMERGENCY)
    \TYPO3\CMS\Core\Log\LogLevel::WARNING => [
        \TYPO3\CMS\Core\Log\Writer\SyslogWriter::class => [],
    ],
];

Hint: Be sure to read Configuration of the Logging system to fine-tune your configuration on any production website.

About

This extension uses OpenID Connect to authenticate users.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • PHP 90.0%
  • HTML 10.0%