#324 (ok 2.10.0) Single signon auth method

closed-fixed
1
2007-02-28
2006-08-23
Michal Čihař
No

The attached patch adds a single signon authentication method
which grabs credentials from a configured PHP session.

To integrate it into phpMyAdmin, apply the patch from the attached
tarball and unpack the PHP files into phpMyAdmin.

Then just select the 'signon' auth type and look at
scripts/signon.php to see how to integrate this in your
application.

New configuration parameters:

$cfg['Servers'][$i]['SignonURL'] - where to redirect if
authentication fails
$cfg['Servers'][$i]['SignonSession'] - name of session
where to grab credentials from

Discussion

  • Michal Čihař
    2006-08-23

    signon authentication method

     
    Attachments
  • Michal Čihař
    2006-08-23

    • assigned_to: nobody --> nijel
     
  • Michal Čihař
    2006-08-23

    Logged In: YES
    user_id=192186

    It does not resolve logout at all; I'm open to comments on how
    it should be done. Delete signon data from session and
    redirect to SignonURL?

     
  • Jürgen Wind
    2006-08-23

    Logged In: YES
    user_id=1383652

    hi Michal,
    i installed the patch and get
    Username:
    Password:
    go

    what purpose is this meant for?
    i can login as a legal user,
    but no signon screen if i enter an unknown user.
    what's different/better in respect to the cookie/http method ?

    what do you mean by "single signon"
    and "configured PHP session" ?

    or am i missing something ;-D

    Jürgen

     
  • Michal Čihař
    2006-08-23

    Logged In: YES
    user_id=192186

    See the other two patches in this tracker to see the purpose :-).
    Some other application fills in the session with login data and
    then allows you to enter phpMyAdmin without needing to log in to it.

    The login script included here is just an example of how to fill
    in session data; it fills them with entered credentials, but
    in a real system they will most likely be filled in from its
    internals after the user logs in.
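
The flow described in the comment above, as an added example that is not the patch's scripts/signon.php or other phpMyAdmin code: a stand-alone entry point that stores credentials in the named session under the session keys that appear in this thread's patch, and clears them on logout as discussed in the thread. The session name, both URLs and the function names are assumptions.

```php
<?php
// Added example; not phpMyAdmin's scripts/signon.php.
// Assumed: SIGNON_SESSION matches $cfg['Servers'][$i]['SignonSession'],
// SIGNON_URL matches ['SignonURL']; PMA_URL and function names are hypothetical.
const SIGNON_SESSION = 'SignonSession';
const SIGNON_URL = '/app/login.php';
const PMA_URL = '/phpmyadmin/index.php';

function signon_open(): void
{
    // Dedicated entry point: refuse to run inside another active session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        throw new RuntimeException('another session is already active');
    }
    session_name(SIGNON_SESSION);
    // Array form needs PHP 7.3+; the path must also cover phpMyAdmin.
    session_set_cookie_params(['path' => '/', 'httponly' => true,
        'secure' => !empty($_SERVER['HTTPS']), 'samesite' => 'Lax']);
    session_start();
}

function signon_store(string $user, string $password): void
{
    signon_open();
    session_regenerate_id(true); // new id at login, so a planted id is useless
    $_SESSION['PMA_single_signon_user'] = $user;
    $_SESSION['PMA_single_signon_password'] = $password;
    session_write_close();       // flush before phpMyAdmin reads the session
}

function signon_clear(): void
{
    signon_open();
    unset($_SESSION['PMA_single_signon_user'],
        $_SESSION['PMA_single_signon_password'],
        $_SESSION['PMA_single_signon_token']);
    session_destroy();           // drop the stored data server-side
}

// Form-driven here; a real application would pass credentials it already holds.
if (($_POST['action'] ?? '') === 'logout') {
    signon_clear();
    header('Location: ' . SIGNON_URL);
} elseif (is_string($_POST['user'] ?? null) && is_string($_POST['password'] ?? null)) {
    signon_store($_POST['user'], $_POST['password']);
    header('Location: ' . PMA_URL);
} else {
    http_response_code(400);
}
```

The database password stays in server-side session storage in clear text for as long as the session lives, so the session save path permissions and the session lifetime are part of the deployment's exposure.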

     
  • Logged In: NO

    I filed the patch #1541379 and your patch resolves my feature.

    Can you integrate the logout with a specific URL, for
    example $cfg['Servers'][$i]['LogoutURL'], for all
    'auth_type'?

    I have a bug fix to your patch:

    ***
    /usr/share/phpmyadmin/libraries/auth/signon.auth.lib.php
    2006-08-24 11:59:55.178820743 +0300
    ---
    /home/thierry/Desktop/tmp/pma-signon/libraries/auth/signon.auth.lib.php
    2006-08-23 18:14:16.000000000 +0300
    ***************
    *** 70,80 ****
    if (isset($_SESSION['PMA_single_signon_user'])) {
    $PHP_AUTH_USER =
    $_SESSION['PMA_single_signon_user'];
    }
    ! if (isset($_SESSION['PMA_single_signon_password'])) {
    $PHP_AUTH_PW =
    $_SESSION['PMA_single_signon_password'];
    }
    /* Also get token as it is needed to access
    subpages */
    ! if (isset($_SESSION['PMA_single_signon_user'] ,
    $_SESSION['PMA_single_signon_token']) ) {
    $pma_token = $_SESSION['PMA_single_signon_token'];
    }

    --- 70,80 ----
    if (isset($_SESSION['PMA_single_signon_user'])) {
    $PHP_AUTH_USER =
    $_SESSION['PMA_single_signon_user'];
    }
    ! if (isset($_SESSION['PMA_single_signon_pass'])) {
    $PHP_AUTH_PW =
    $_SESSION['PMA_single_signon_password'];
    }
    /* Also get token as it is needed to access
    subpages */
    ! if (isset($_SESSION['PMA_single_signon_user'])) {
    $pma_token = $_SESSION['PMA_single_signon_token'];
    }
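
Review bot: the two sides of this context diff are the wrong way round for a fix. The `***` file (the 2006-08-24 copy under /usr/share/phpmyadmin) has the matching check `isset($_SESSION['PMA_single_signon_password'])` and the two-argument `isset()` covering `PMA_single_signon_token`, while the `---` file (the 2006-08-23 original) tests `PMA_single_signon_pass` but then reads `PMA_single_signon_password`, so applying the diff as posted would put the key mismatch back. Regenerate it with the original file first and the corrected file second. In the corrected token block, the assignment only needs `PMA_single_signon_token` to be set; if the user key is kept in that `isset()` on purpose, a short comment saying why would help.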

     
  • Michal Čihař
    2006-08-24

    Logged In: YES
    user_id=192186

    And should logout delete credentials from session?

     
  • Thierry
    2006-08-24

    Logged In: YES
    user_id=1358602

    Yes, the logout action will delete the credentials from the
    'PhpMyAdmin' session and the client can change and log in with
    another pma/mysql user.

     
  • Michal Čihař
    2006-08-24

    Logged In: YES
    user_id=192186

    Attached is updated signon code which fixes the issue you pointed
    out and adds support for LogoutURL (you need to set it in
    the config for the server).

    Would this version work for you?

     
  • Michal Čihař
    2006-08-24

    fixed signon

     
    Attachments