* OpenIDConnect: allow to show as button on login page to use together with regular password login
also fix/hack not working social icons and SAML button on login page
parent
684d509d03
commit
c6d14a5f6e
@ -21,7 +21,8 @@ catch (exception){
|
|||||||
}
|
}
|
||||||
|
|
||||||
// listen to egw-is-created object to make sure egw object is ready
|
// listen to egw-is-created object to make sure egw object is ready
|
||||||
document.addEventListener('egw-is-created', function(){
|
//document.addEventListener('egw-is-created', function(){
|
||||||
|
window.setTimeout(() => {
|
||||||
egw_ready.then(function()
|
egw_ready.then(function()
|
||||||
{
|
{
|
||||||
jQuery(document).ready(function()
|
jQuery(document).ready(function()
|
||||||
@ -73,9 +74,9 @@ document.addEventListener('egw-is-created', function(){
|
|||||||
}
|
}
|
||||||
});
|
});
|
||||||
// or optional SAML login with a button for a single IdP
|
// or optional SAML login with a button for a single IdP
|
||||||
jQuery('input[type="submit"][name="auth=saml"]').on('click', function(){
|
jQuery('input[type="submit"][name^="auth="]').on('click', function(){
|
||||||
this.form.method = 'get';
|
this.form.method = 'get';
|
||||||
jQuery(this.form).append('<input type="hidden" name="auth" value="saml"/>');
|
jQuery(this.form).append('<input type="hidden" name="auth" value="'+this.name.split('=')[1]+'"/>');
|
||||||
});
|
});
|
||||||
// prefer [Login] button below over maybe existing SAML login button above
|
// prefer [Login] button below over maybe existing SAML login button above
|
||||||
jQuery('input').on('keypress', function(e)
|
jQuery('input').on('keypress', function(e)
|
||||||
@ -104,4 +105,4 @@ document.addEventListener('egw-is-created', function(){
|
|||||||
console.log('Service worker registration failed, error:', error);
|
console.log('Service worker registration failed, error:', error);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
});
|
}, 500);
|
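Review bot: The click handler in the second hunk switches the whole login form to GET before submitting, so anything already typed into the form's other fields is sent in the query string; if that form also holds the username and password inputs (the commit title says the button is used together with the regular password login), a password typed before clicking the SSO button would end up in the URL, browser history and server logs. Disabling those fields first keeps them out of the request, for example `jQuery(this.form).find('input[type="password"]').prop('disabled', true);` ahead of the `append` call. The `formmethod="get"` attribute added in `Openidconnect::discovery()` has the same effect even before this handler is attached, and the new 500 ms `setTimeout` delays that attachment. Building the hidden field with `jQuery('<input type="hidden" name="auth">').val(this.name.split('=')[1])` would also avoid concatenating the attribute value into markup.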
@ -71,7 +71,7 @@ $setup_info['api']['hooks']['vfs_rmdir'] = 'EGroupware\\Api\\Vfs\\Sharing::vfsUp
|
|||||||
|
|
||||||
// hook to update SimpleSAMLphp config
|
// hook to update SimpleSAMLphp config
|
||||||
$setup_info['api']['hooks']['setup_config'] = [\EGroupware\Api\Auth\Saml::class.'::setupConfig', \EGroupware\Api\Accounts\Import::class.'::setupConfig'];
|
$setup_info['api']['hooks']['setup_config'] = [\EGroupware\Api\Auth\Saml::class.'::setupConfig', \EGroupware\Api\Accounts\Import::class.'::setupConfig'];
|
||||||
$setup_info['api']['hooks']['login_discovery'] = \EGroupware\Api\Auth\Saml::class.'::discovery';
|
$setup_info['api']['hooks']['login_discovery'] = [\EGroupware\Api\Auth\Saml::class.'::discovery', \EGroupware\Api\Auth\Openidconnect::class.'::discovery'];
|
||||||
|
|
||||||
// installation checks
|
// installation checks
|
||||||
$setup_info['api']['check_install'] = array(
|
$setup_info['api']['check_install'] = array(
|
||||||
|
@ -178,7 +178,7 @@ class Auth
|
|||||||
Session::egw_setcookie(Session::EGW_SESSION_NAME, session_id());
|
Session::egw_setcookie(Session::EGW_SESSION_NAME, session_id());
|
||||||
}
|
}
|
||||||
|
|
||||||
$backend = self::backend($type ?? null, false);
|
$backend = self::backend($type ?? null, !empty($type));
|
||||||
|
|
||||||
return $backend instanceof Auth\BackendSSO ? $backend->login() : null;
|
return $backend instanceof Auth\BackendSSO ? $backend->login() : null;
|
||||||
}
|
}
|
||||||
|
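Review bot: The changed call now passes `!empty($type)` as the second argument of `self::backend()`, but neither that parameter's meaning nor where `$type` comes from is visible in this hunk, and the enclosing method starts above it. If `$type` is filled from the `auth` request parameter that the login page buttons submit, a visitor can pick the backend by name, so it should be compared against the SSO types the administrator actually enabled before `backend()` is called, e.g. `if (!empty($type) && !in_array($type, $enabled_sso_types, true)) $type = null;` where `$enabled_sso_types` is a placeholder for that list. A short comment on the line saying why the flag differs for an explicitly requested type would help the next reader.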
@ -28,6 +28,9 @@ class Openidconnect implements BackendSSO
|
|||||||
$this->client = new OpenIDConnectClient($GLOBALS['egw_info']['server']['oic_provider'],
|
$this->client = new OpenIDConnectClient($GLOBALS['egw_info']['server']['oic_provider'],
|
||||||
$GLOBALS['egw_info']['server']['oic_client_id'],
|
$GLOBALS['egw_info']['server']['oic_client_id'],
|
||||||
$GLOBALS['egw_info']['server']['oic_client_secret']);
|
$GLOBALS['egw_info']['server']['oic_client_secret']);
|
||||||
|
|
||||||
|
// add scopes we are processing ('openid' is added automatic)
|
||||||
|
$this->client->addScope(['email', 'profile']);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -53,9 +56,9 @@ class Openidconnect implements BackendSSO
|
|||||||
try {
|
try {
|
||||||
$user_info = $this->client->requestUserInfo();
|
$user_info = $this->client->requestUserInfo();
|
||||||
$GLOBALS['auto_create_acct'] = [
|
$GLOBALS['auto_create_acct'] = [
|
||||||
'firstname' => $user_info['given_name'],
|
'firstname' => $user_info->given_name,
|
||||||
'lastname' => $user_info['family_name'],
|
'lastname' => $user_info->family_name,
|
||||||
'email' => $user_info['email'],
|
'email' => $user_info->email,
|
||||||
// not (yet) used supported keys
|
// not (yet) used supported keys
|
||||||
//'primary_group' => '',
|
//'primary_group' => '',
|
||||||
//'add_group' => '',
|
//'add_group' => '',
|
||||||
@ -77,6 +80,22 @@ class Openidconnect implements BackendSSO
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Display a IdP selection / discovery
|
||||||
|
*
|
||||||
|
* Will be displayed if IdP(s) are added in setup and a discovery label is specified.
|
||||||
|
*
|
||||||
|
* @return string|null html to display in login page or null to disable the selection
|
||||||
|
*/
|
||||||
|
static public function discovery()
|
||||||
|
{
|
||||||
|
if (empty($GLOBALS['egw_info']['server']['openidconnect_discovery']))
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
return Api\Html::input('auth=openidconnect', $GLOBALS['egw_info']['server']['openidconnect_discovery'], 'submit', 'formmethod="get"');
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Logout SSO system
|
* Logout SSO system
|
||||||
*/
|
*/
|
||||||
|
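Review bot: The claims in the second hunk are read as `$user_info->given_name`, `$user_info->family_name` and `$user_info->email` without checking that the provider returned them, so an IdP that omits one produces a PHP warning and a null entry in `$GLOBALS['auto_create_acct']`; `'email' => $user_info->email ?? null,` (and the same for the two names) makes the missing case explicit. If the e-mail address is used further on to match or create the account, which these hunks do not show, the `email_verified` claim should be checked before trusting it, since not every provider verifies addresses. In `discovery()` the label comes straight from `$GLOBALS['egw_info']['server']['openidconnect_discovery']`; whether `Api\Html::input()` escapes its value argument is not visible here and is worth confirming.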
@ -86,7 +86,10 @@ class Login
|
|||||||
$discovery = '';
|
$discovery = '';
|
||||||
foreach(Api\Hooks::process('login_discovery', [], true) as $app => $data)
|
foreach(Api\Hooks::process('login_discovery', [], true) as $app => $data)
|
||||||
{
|
{
|
||||||
if (!empty($data)) $discovery .= $data;
|
foreach((array)$data as $d)
|
||||||
|
{
|
||||||
|
if (!empty($d)) $discovery .= $d;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if (!empty($discovery))
|
if (!empty($discovery))
|
||||||
{
|
{
|
||||||
@ -437,4 +440,4 @@ class Login
|
|||||||
return htmlspecialchars($code);
|
return htmlspecialchars($code);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
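Review bot: The new inner loop appends every non-empty hook result to `$discovery` as raw HTML, and with this commit a result can contain an administrator-supplied label. Nothing in this hunk escapes the strings, so the contract that each `login_discovery` hook returns ready-to-output, already-escaped markup should be written down, e.g. `// each hook returns trusted HTML; implementations must escape their own config values` above the inner `foreach`. The surrounding method starts and ends outside the hunk.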
@ -523,6 +523,7 @@ optional, if only authentication and anonymous search is enabled setup de option
|
|||||||
or setup de oder
|
or setup de oder
|
||||||
or %1continue to the header admin%2 setup de oder %1mit der Headerverwaltung weiter machen%2
|
or %1continue to the header admin%2 setup de oder %1mit der Headerverwaltung weiter machen%2
|
||||||
or http://webdav.domain.com (webdav) setup de oder http://webdav.domain.com (für WebDAV)
|
or http://webdav.domain.com (webdav) setup de oder http://webdav.domain.com (für WebDAV)
|
||||||
|
or leave empty and select openidconnect as authentication type above for single sign on setup de oder leer lassen und für SingleSignOn oberhalb OpenIDConnect als Art der Authentifizierung auswählen
|
||||||
or leave empty and select saml as authentication type above for single sign on setup de oder leer lassen und für SingleSignOn oberhalb SAML als Art der Authentifizierung auswählen
|
or leave empty and select saml as authentication type above for single sign on setup de oder leer lassen und für SingleSignOn oberhalb SAML als Art der Authentifizierung auswählen
|
||||||
or we can attempt to create the database for you: setup de Oder wir können versuchen die Datenbank für Sie anzulegen:
|
or we can attempt to create the database for you: setup de Oder wir können versuchen die Datenbank für Sie anzulegen:
|
||||||
or you can install a previous backup. setup de Oder Sie können eine vorherige Datensicherung installieren.
|
or you can install a previous backup. setup de Oder Sie können eine vorherige Datensicherung installieren.
|
||||||
|
@ -523,6 +523,7 @@ optional, if only authentication and anonymous search is enabled setup en option
|
|||||||
or setup en or
|
or setup en or
|
||||||
or %1continue to the header admin%2 setup en or %1Continue to the Header Admin%2
|
or %1continue to the header admin%2 setup en or %1Continue to the Header Admin%2
|
||||||
or http://webdav.domain.com (webdav) setup en or http://webdav.domain.com (WebDAV)
|
or http://webdav.domain.com (webdav) setup en or http://webdav.domain.com (WebDAV)
|
||||||
|
or leave empty and select openidconnect as authentication type above for single sign on setup en or leave empty and select OpenIDConnect as authentication type above for single sign on
|
||||||
or leave empty and select saml as authentication type above for single sign on setup en or leave empty and select SAML as authentication type above for single sign on
|
or leave empty and select saml as authentication type above for single sign on setup en or leave empty and select SAML as authentication type above for single sign on
|
||||||
or we can attempt to create the database for you: setup en Or attempt to create the database:
|
or we can attempt to create the database for you: setup en Or attempt to create the database:
|
||||||
or you can install a previous backup. setup en Or install a previous backup.
|
or you can install a previous backup. setup en Or install a previous backup.
|
||||||
|
@ -274,7 +274,7 @@
|
|||||||
|
|
||||||
<tr class="row_off">
|
<tr class="row_off">
|
||||||
<td>{lang_Add_auto-created_users_to_this_group_('Default'_will_be_attempted_if_this_is_empty.)}:</td>
|
<td>{lang_Add_auto-created_users_to_this_group_('Default'_will_be_attempted_if_this_is_empty.)}:</td>
|
||||||
<td><input name="newsettings[default_group_lid]" value="{value_default_group_lid}" /></td>
|
<td><input name="newsettings[default_group_lid]" value="{value_default_group_lid}" placeholder="Default" /></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
||||||
<tr class="row_on">
|
<tr class="row_on">
|
||||||
@ -476,6 +476,10 @@
|
|||||||
{lang_EGroupware's_callback_URL_is_the_one_of_the_login_page}: <a href="{value_webserver_url}/login.php">{lang_Callback_URL}</a>
|
{lang_EGroupware's_callback_URL_is_the_one_of_the_login_page}: <a href="{value_webserver_url}/login.php">{lang_Callback_URL}</a>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|
<tr class="row_on">
|
||||||
|
<td>{lang_Label_to_display_as_option_on_login_page}:<br/>{lang_or_leave_empty_and_select_OpenIDConnect_as_authentication_type_above_for_single_sign_on}</td>
|
||||||
|
<td><input name="newsettings[openidconnect_discovery]" placeholder="{lang_OpenIDConnect_Login}" value="{value_openidconnect_discovery}" size="20" /></td>
|
||||||
|
</tr>
|
||||||
<tr class="row_off">
|
<tr class="row_off">
|
||||||
<td>{lang_URL_of_the_IdP_(without_path)}:</td>
|
<td>{lang_URL_of_the_IdP_(without_path)}:</td>
|
||||||
<td><input name="newsettings[oic_provider]" value="{value_oic_provider}" size="80" /></td>
|
<td><input name="newsettings[oic_provider]" value="{value_oic_provider}" size="80" /></td>
|
||||||
|