I'm using Symfony2 as framework but up until now I was using my own code for authentication and authorization. I decided to give Symfony's security system a try and after following the tutorial on its website I'm now able to login using my database.
But... I need to authenticate against a Radius server and an Active Directory if the authentication against the database fails.
Can these multiple methods of authentication be combined? how would I do that?
The solution was to create my own user authentication provider. You only need to extend UserAuthenticationProvider and do your own thing in the checkAuthentication method
Related
I'm using Codeigniter for my main project which also contains a sub-folder that has another project in Symfony (Kimai). I would like to use a single sign-in both in my main project (CodeIgniter) and the sub-folder (Symfony).
Both of these frameworks' auth mechanisms differ. What I want is that whenever a user authenticates into my main project, my Symfony project shouldn't need to ask for the auth again.
What I've tried so far:
I tried using curl to make auth.
What you need to do is write custom Authenticator for symfony, which will validate againts your data in your main application, which is CodeIgniter.
In general you might have few different approaches how to implement it
Authenticator is authenticating against some API from your main app
Authenticator reads information directly from database of your main app
Some mixture of that, with session / cookies etc (depens on your setup).
Example how to write custom authenticator in Symfony is in symfony documentation. This is clean way how to implement it in symfony without any hacks etc.
I am working with an existing legacy php authentication solution which works the following way:
Users put in their credentials
The code checks LDAP for authentication
If LDAP authentication is successful, the username is passed to a DB query to retrieve permissions
If LDAP authentication is not successful, the SQL DB is checked for authentication with the same credentials
If SQL Authentication is successful, the permissions are retrieved
If SQL Authentication is not successful, inform the user.
This is because many of our users are employees, and many are customers.
We now have a requirement from a secondary web provider to provide authentication via SAML. The request is to turn our existing auth method into a SAML Auth source. I've been experimenting with making a custom module in SimpleSAMLPhp but I'm not having any luck. The documentation for configuring an external auth source like this is lacking, and my existing code essentially inputs POST variables as arguments, which I haven't been able to shoehorn together. My difficulty in getting this to work is making me nervous about the overall security of the system if I did get it working.
What is a better solution to this problem?
From your question i have an impression that you are not very familiar with SAML protocol.
All i can do now is to give you some advices to get started.
First: Learn about protocol. Try to understand the SSO flow and differentiate which components in your company acts as "Service Provider" and "Identity Provider"
Second: Understand the scope of integration.Try to answer following questions:
- It's the application working in internal or external network ?
- Who have the access?
- Is there SAML authentication is already done for other applications in your company ?
- Is LDAP server is already controlled by Identity Provider, or you have to implement new one?
Once you get more familiar you can start thinking about development. There's many existing solutions and libraries available so once you get the concept of how protocol works it will be much easier to continue.
I will be happy to help you in your journey. This task will take you a lot of effort so be prepared.
Our project currently is build upon Yii but we're considering moving to laravel. However since our project got a huge number of modules to migrate, we're playing around the idea of running both Yii and Laravel webapps concurrently so we can migrate the modules over time (instead of all at once) to Laravel.
Both of our Yii and Laravel will be sharing the same database, hence the same user table. Is it possible to do a login (to Laravel) after our user login from our Yii login page?
I don't see why you wouldn't be able to, provided you have an identical setup and subdomains between the two. This would allow you to share cookies. What are you using for the session driver?
Alternatively you could setup a shared api that handles authentication for both, though that may be more involved than you'd want.
You probably want to create custom auth provider:
https://laracasts.com/discuss/channels/laravel/replacing-the-laravel-authentication-with-a-custom-authentication
Migrate Yii members to Laravel table, make passwords empty. Add condition to your CustomAuthProvider that such user can't be authenticated.
If anyone tries to login to Laravel without having a password, redirect to Yii login with a message explaining why he landed here.
On Yii login (successful ;)) update Laravel password with Laravel api:
Hash::make($request->newPassword)
If in Yii you had hidden redirect to Laravel frontend (could be session variable) than after last step try authenticating with provided data to Laravel.
This should explain the workflow you need to implement.
I want to bind the felogin-mask to a controller in one of my extensions, because I have a custom login process.
The idea is that the user types his data to the form, submits it and my controller handles the rest.
Is such a thing possible? Or should I do it in another way?
You have to separate the sending of credentials and the actual login process. The TYPO3 Service Reference recently got an update describing the login process and all involved services.
In short, you need to create an own authentication service. An example can be found in the openid extension that now lives on TER (used to be a system extension).
You can still use the frontend login extension to send the credentials or create the form on your own. I suggest to dig into the authentication process first. There you will find all required details.
I have a php application that I need to add Authentication system and some sort of an ACL.
for the authentication part I choose oAuth based login systems, I will initially support login via Facebook connect.
once the user is authenticated I would like to grant and deny access rights to various part of the application. I need to have these setting persistance over a database.
can you recommend some ACL classes/frameworks that are lightweight and easy to implement ? if they have some sort of a frontend to edit permission that would save me a bunch of time.
thanks!
Don't know about the frontend, you probably could find one, but Zend_Acl and Zend_Auth can be used independently of anything else in the framework.