I'm writing a PHP web application on Laravel 4 that does user authentication with my university's CAS (Central Authentication Server). I am using this package to do the CAS authentication: http://packalyst.com/packages/package/xavrsl/cas
Here is my configuration file for the CAS authentication: CAS Config
Here is my 'User' model that is referenced in the CAS Config: User Model
My current problem is actually checking the authentication itself after the user has logged in (using a simple check, if isAuthenticated() echo "Authenticated"). Laravel throws this error when trying to use the isAuthenticated function: Laravel Error and Exception thrown.
Background about how the authentication should work: Since no passwords are stored in the application database (just in the CAS), I'm planning on checking the authentication via CAS, and then associating their ULID (university username) with a permission setting using the Entrust package (Entrust).
Is this a feasible way to do the authentication and then control user permissions? Normally user authentication and permissions wouldn't be such a problem for me, but adding CAS into the equation is just making this a bit tough, especially with me being new to Laravel.
Found the solution to my problem. I removed the 'User' from the cas_uri in the config and everything works A-OK now.
Related
I am running into a situation where I am creating an application in symfony 6.2 to replace a legacy application. We are keeping all the users and I have a migration command that is moving the users from the legacy application to the new one. The problem I am running into has to do with the users’ passwords.
My preferred workflow would be:
User logs into new application
Form based authentication tests the credentials
Attempt to login to the legacy application API on credential test failure
Encode and store password in new application when the API login to the legacy application succeeds
I am stuck at the point of determining that the current user's credentials do not work on the new application and performing the API call to encode the password and store it.
Preferably I would like to be able to chain authenticators though I do not see that as an option.
I have created a custom authenticator that would perform the actions needed against the legacy API and on success encode and store the provided password to the user object.
I am wondering whether my custom authenticator has to handle the new application login form and security tasks?
Thanks in advance :)
First of all, i am very new to Laravel and Azure and i am not very sure what i am doing.
I want to add Authentication to my Laravel Web Application.
I followed the instructions in this Link to do that:
When i press my Login Button, which leeds me to "/login/azure" i get directed to
https://login.microsoftonline.com/ef7e48cb-7676-47e9-9a28-c69910d92560/oauth2/authorize?response_type=code&client_id=3a0621c0-2848-47f5-83ee-bebeede8aaa6&resource=
I can add my credentials here and then i get redirected to my welcome page and there is a very long code in my uri and after that a short session code. What does this mean? Am i logged in now? How can i test that and how can i create different roles for my Application now?
Could it be that i have to enable the default laravel Authentication with the "php artisan make:auth" command? Is it bad that i have no resource in the uri u see above? What do i have to put there?
First, understand OAuth on Azure.
https://learn.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
You do not need a resource if you are using the "converged" endpoint (v2). The endpoint you show is v1, so yes, you need to specify what resource you're authenticating against and what granted permissions are for it. Check out What is the Resource parameter in Windows Azure AD tenant application oAuth 2.0 specification
Have you created an app registration (see the Azure Active Directory blade)?
Welcome to OAuth.
I am developing a web app using Laravel, But I have to integrate the mobile application in the future. Now I want to ass API Authentication passport. I am a little bit confused how passport API handle multi auth system form multiple user and permission systems. Currently, I am using Laravel default auth to handle user. Is there any library for Laravel multi auth using API Authentication passport??
The thing you have to understand about Passport is that it is nothing more than a Laravel wrapper of the oAuth2 framework, specifically this implementation: https://github.com/thephpleague/oauth2-server
As such, you must understand how the different oAuth2 grant types work. I recommend reading up on oAuth2 to familiarize yourself with the concepts (I personally found this site to be the most helpful for understanding the different grant types: http://www.bubblecode.net/en/2016/01/22/understanding-oauth2/).
Specifically to your question, take a look at Password Grant Tokens (https://laravel.com/docs/5.6/passport#password-grant-tokens) for use in a mobile app. Once you have your token, Laravel handles all the Authentication behind the scenes and you can use Auth::user() as you would normally, assuming you have Passport set up and configured correctly; the user is tied to the token and is independent of any other token and any logged in user.
As for permission systems, Passport uses scopes (https://laravel.com/docs/5.6/passport#token-scopes) which is a handy way of limiting what routes your tokens have access to. Aside from that, permission management for the Auth::user() is the same as any other user using your application.
EDIT:
Passport scopes are used to lock down routes, so they can be used. However, Passport is only concerned with authentication (ie, is this user valid) and NOT with authorization (ie, what can this user do). How you authorize users to do different things is 100% independent of Passport and is up to your web app.
I'm currently developing an app using Laravel. What I want to do, is to link this app to a SugarCRM app.
A simple workflow could be this:
User arrives to the app (Laravel app), enters its credentials
-> Credentials are sent to SugarCRM
-> if credentials are ok, the user is logged into the Laravel app.
Long story short, SugarCRM is used for the authentication to my Laravel App.
To do this, I developed a custom driver to my Laravel app.
The problem is:
If I quote the Laravel doc about custom Auth driver:
retrieveByCredentials: This method should not attempt to do any password validation or authentication.
Laravel Auth system requires to check first if the user exists in the base, with "no attempt to do any password validation or authentication".
But to do any kind of request to SugarCRM, I must authenticate first.
How should I deal with this without writing too dirty code?
What the docs mean there is that function shouldn't validate or authenticate credentials for your application. So if that function is called it shouldn't log that user in, but just return their credentials.
Its fine to authenticate to your external service so you can interact with their API.
I'm using Symfony2 as framework but up until now I was using my own code for authentication and authorization. I decided to give Symfony's security system a try and after following the tutorial on its website I'm now able to login using my database.
But... I need to authenticate against a Radius server and an Active Directory if the authentication against the database fails.
Can these multiple methods of authentication be combined? how would I do that?
The solution was to create my own user authentication provider. You only need to extend UserAuthenticationProvider and do your own thing in the checkAuthentication method