Differential D7525

Adding an authentication adapter for Shibboleth SSO.
AbandonedPublic
Actions

Authored by ttt on Nov 7 2013, 6:48 PM.

Details

Reviewers

epriestley

Group Reviewers

Blessed Reviewers

Summary

Shibboleth SSO integration for Phabricator installations behind Shibboleth enabled reverse-proxy.

Test Plan

First activate and configure the adapter with the header names for the Shibboleth variables introduced by your, second go to the login page and click the Login button from Login with Shibboleth section. The application must be behind a reverse proxy introducing the relevant HTTP headers. If don't have a working Shibboleth installation, the headers can be faked in the web server configuration.

Diff Detail

Branch

shibboleth_auth

Lint

Lint Passed

Unit

No Test Coverage

Event Timeline

Please consider this revision together with D7524.

Getting the header names from and passing header values to the adapter.

I understand your reasons and I have no way to improve security of this authentication adapter.
Therefore I abandon this release.

Maybe in the future I will propose this again, if a more secure form of configuration for the authentication adapter options is implemented.

devurandom added a subscriber: devurandom.Feb 27 2015, 10:12 AM

On line 15 of PhabricatorAuthProviderShibboleth.php there is a typo. It should be "authenticated".

urzds added a subscriber: urzds.Dec 4 2016, 3:10 PM

Revision Contents
Changeset List

Path

Size

src/

__phutil_library_map__.php

2 lines

applications/

auth/

provider/

PhabricatorAuthProviderShibboleth.php

246 lines

Diff 17148

View Options

src/__phutil_library_map__.php