* OpenIDConnect: allow to show as button on login page to use together with regular password login

also fix/hack the social icons and SAML button on the login page, which were not working
This commit is contained in:
ralf 2024-01-13 12:57:50 +02:00
parent 684d509d03
commit c6d14a5f6e
8 changed files with 41 additions and 12 deletions


@ -21,7 +21,8 @@ catch (exception){
} }
// listen to egw-is-created object to make sure egw object is ready // listen to egw-is-created object to make sure egw object is ready
document.addEventListener('egw-is-created', function(){ //document.addEventListener('egw-is-created', function(){
window.setTimeout(() => {
egw_ready.then(function() egw_ready.then(function()
{ {
jQuery(document).ready(function() jQuery(document).ready(function()
@ -73,9 +74,9 @@ document.addEventListener('egw-is-created', function(){
} }
}); });
// or optional SAML login with a button for a single IdP // or optional SAML login with a button for a single IdP
jQuery('input[type="submit"][name="auth=saml"]').on('click', function(){ jQuery('input[type="submit"][name^="auth="]').on('click', function(){
this.form.method = 'get'; this.form.method = 'get';
jQuery(this.form).append('<input type="hidden" name="auth" value="saml"/>'); jQuery(this.form).append('<input type="hidden" name="auth" value="'+this.name.split('=')[1]+'"/>');
}); });
// prefer [Login] button below over maybe existing SAML login button above // prefer [Login] button below over maybe existing SAML login button above
jQuery('input').on('keypress', function(e) jQuery('input').on('keypress', function(e)
@ -104,4 +105,4 @@ document.addEventListener('egw-is-created', function(){
console.log('Service worker registration failed, error:', error); console.log('Service worker registration failed, error:', error);
}); });
} }
}); }, 500);
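Review bot: The 500 ms `window.setTimeout` that replaces the `egw-is-created` listener is a timing assumption: if the egw object is not created within that window, `egw_ready` on the next line is undefined and the whole login-page setup, including the `name^="auth="` click handler in the second hunk, throws. Keeping the event listener and using the timeout only as a guarded fallback would retain the fix without the race. In that click handler the hidden field is built from an HTML string; `jQuery('<input/>', {type: 'hidden', name: 'auth', value: this.name.split('=')[1]}).appendTo(this.form);` keeps the value out of markup and is equally short. The setTimeout callback spans all three hunks and its body is only partly visible here.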


@ -71,7 +71,7 @@ $setup_info['api']['hooks']['vfs_rmdir'] = 'EGroupware\\Api\\Vfs\\Sharing::vfsUp
// hook to update SimpleSAMLphp config // hook to update SimpleSAMLphp config
$setup_info['api']['hooks']['setup_config'] = [\EGroupware\Api\Auth\Saml::class.'::setupConfig', \EGroupware\Api\Accounts\Import::class.'::setupConfig']; $setup_info['api']['hooks']['setup_config'] = [\EGroupware\Api\Auth\Saml::class.'::setupConfig', \EGroupware\Api\Accounts\Import::class.'::setupConfig'];
$setup_info['api']['hooks']['login_discovery'] = \EGroupware\Api\Auth\Saml::class.'::discovery'; $setup_info['api']['hooks']['login_discovery'] = [\EGroupware\Api\Auth\Saml::class.'::discovery', \EGroupware\Api\Auth\Openidconnect::class.'::discovery'];
// installation checks // installation checks
$setup_info['api']['check_install'] = array( $setup_info['api']['check_install'] = array(


@ -178,7 +178,7 @@ class Auth
Session::egw_setcookie(Session::EGW_SESSION_NAME, session_id()); Session::egw_setcookie(Session::EGW_SESSION_NAME, session_id());
} }
$backend = self::backend($type ?? null, false); $backend = self::backend($type ?? null, !empty($type));
return $backend instanceof Auth\BackendSSO ? $backend->login() : null; return $backend instanceof Auth\BackendSSO ? $backend->login() : null;
} }
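Review bot: `self::backend($type ?? null, !empty($type))` now lets `$type` choose both the backend that is loaded and the second flag, but nothing in the hunk validates `$type`; since the login form now submits `auth=<name>` as a GET parameter, `$type` is presumably request-controlled and should be checked against the SSO backends enabled in setup before reaching `backend()`, e.g. `if ($type !== null && !in_array($type, $enabledSsoTypes, true)) $type = null;` with `$enabledSsoTypes` as a placeholder for whatever setup exposes. The `instanceof Auth\BackendSSO` check on the following line limits what can run, but does not prevent an unconfigured backend from being instantiated. The enclosing method starts before this hunk.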


@ -28,6 +28,9 @@ class Openidconnect implements BackendSSO
$this->client = new OpenIDConnectClient($GLOBALS['egw_info']['server']['oic_provider'], $this->client = new OpenIDConnectClient($GLOBALS['egw_info']['server']['oic_provider'],
$GLOBALS['egw_info']['server']['oic_client_id'], $GLOBALS['egw_info']['server']['oic_client_id'],
$GLOBALS['egw_info']['server']['oic_client_secret']); $GLOBALS['egw_info']['server']['oic_client_secret']);
// add scopes we are processing ('openid' is added automatic)
$this->client->addScope(['email', 'profile']);
} }
/** /**
@ -53,9 +56,9 @@ class Openidconnect implements BackendSSO
try { try {
$user_info = $this->client->requestUserInfo(); $user_info = $this->client->requestUserInfo();
$GLOBALS['auto_create_acct'] = [ $GLOBALS['auto_create_acct'] = [
'firstname' => $user_info['given_name'], 'firstname' => $user_info->given_name,
'lastname' => $user_info['family_name'], 'lastname' => $user_info->family_name,
'email' => $user_info['email'], 'email' => $user_info->email,
// not (yet) used supported keys // not (yet) used supported keys
//'primary_group' => '', //'primary_group' => '',
//'add_group' => '', //'add_group' => '',
@ -77,6 +80,22 @@ class Openidconnect implements BackendSSO
} }
} }
/**
* Display a IdP selection / discovery
*
* Will be displayed if IdP(s) are added in setup and a discovery label is specified.
*
* @return string|null html to display in login page or null to disable the selection
*/
static public function discovery()
{
if (empty($GLOBALS['egw_info']['server']['openidconnect_discovery']))
{
return null;
}
return Api\Html::input('auth=openidconnect', $GLOBALS['egw_info']['server']['openidconnect_discovery'], 'submit', 'formmethod="get"');
}
/** /**
* Logout SSO system * Logout SSO system
*/ */
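Review bot: In the `$GLOBALS['auto_create_acct']` hunk, `$user_info->given_name`, `->family_name` and `->email` are read unconditionally, yet the `profile` and `email` scopes added in the constructor only request those claims; a provider may omit any of them, which turns the assignment into an undefined-property warning. Use `$user_info->given_name ?? ''` (and likewise for the other two), and since the email feeds account auto-creation, consider honouring the standard `email_verified` claim before trusting it. For the new `discovery()` method, the docblock should say whether `Api\Html::input()` escapes the admin-configured label, which the hunk does not show, and "Display a IdP selection" reads better as "Display an IdP selection".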


@ -86,7 +86,10 @@ class Login
$discovery = ''; $discovery = '';
foreach(Api\Hooks::process('login_discovery', [], true) as $app => $data) foreach(Api\Hooks::process('login_discovery', [], true) as $app => $data)
{ {
if (!empty($data)) $discovery .= $data; foreach((array)$data as $d)
{
if (!empty($d)) $discovery .= $d;
}
} }
if (!empty($discovery)) if (!empty($discovery))
{ {
@ -437,4 +440,4 @@ class Login
return htmlspecialchars($code); return htmlspecialchars($code);
} }
} }
} }
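Review bot: The nested `foreach((array)$data as $d)` with a brace-less `if (!empty($d)) $discovery .= $d;` does in three lines what `$discovery .= implode('', array_filter((array)$data));` expresses in one, with the same empty-value filtering. This is a style point only; the hook contract (each entry is HTML for the login page) is unchanged. The surrounding method starts before this hunk.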


@ -523,6 +523,7 @@ optional, if only authentication and anonymous search is enabled setup de option
or setup de oder or setup de oder
or %1continue to the header admin%2 setup de oder %1mit der Headerverwaltung weiter machen%2 or %1continue to the header admin%2 setup de oder %1mit der Headerverwaltung weiter machen%2
or http://webdav.domain.com (webdav) setup de oder http://webdav.domain.com (für WebDAV) or http://webdav.domain.com (webdav) setup de oder http://webdav.domain.com (für WebDAV)
or leave empty and select openidconnect as authentication type above for single sign on setup de oder leer lassen und für SingleSignOn oberhalb OpenIDConnect als Art der Authentifizierung auswählen
or leave empty and select saml as authentication type above for single sign on setup de oder leer lassen und für SingleSignOn oberhalb SAML als Art der Authentifizierung auswählen or leave empty and select saml as authentication type above for single sign on setup de oder leer lassen und für SingleSignOn oberhalb SAML als Art der Authentifizierung auswählen
or we can attempt to create the database for you: setup de Oder wir können versuchen die Datenbank für Sie anzulegen: or we can attempt to create the database for you: setup de Oder wir können versuchen die Datenbank für Sie anzulegen:
or you can install a previous backup. setup de Oder Sie können eine vorherige Datensicherung installieren. or you can install a previous backup. setup de Oder Sie können eine vorherige Datensicherung installieren.


@ -523,6 +523,7 @@ optional, if only authentication and anonymous search is enabled setup en option
or setup en or or setup en or
or %1continue to the header admin%2 setup en or %1Continue to the Header Admin%2 or %1continue to the header admin%2 setup en or %1Continue to the Header Admin%2
or http://webdav.domain.com (webdav) setup en or http://webdav.domain.com (WebDAV) or http://webdav.domain.com (webdav) setup en or http://webdav.domain.com (WebDAV)
or leave empty and select openidconnect as authentication type above for single sign on setup en or leave empty and select OpenIDConnect as authentication type above for single sign on
or leave empty and select saml as authentication type above for single sign on setup en or leave empty and select SAML as authentication type above for single sign on or leave empty and select saml as authentication type above for single sign on setup en or leave empty and select SAML as authentication type above for single sign on
or we can attempt to create the database for you: setup en Or attempt to create the database: or we can attempt to create the database for you: setup en Or attempt to create the database:
or you can install a previous backup. setup en Or install a previous backup. or you can install a previous backup. setup en Or install a previous backup.


@ -274,7 +274,7 @@
<tr class="row_off"> <tr class="row_off">
<td>{lang_Add_auto-created_users_to_this_group_('Default'_will_be_attempted_if_this_is_empty.)}:</td> <td>{lang_Add_auto-created_users_to_this_group_('Default'_will_be_attempted_if_this_is_empty.)}:</td>
<td><input name="newsettings[default_group_lid]" value="{value_default_group_lid}" /></td> <td><input name="newsettings[default_group_lid]" value="{value_default_group_lid}" placeholder="Default" /></td>
</tr> </tr>
<tr class="row_on"> <tr class="row_on">
@ -476,6 +476,10 @@
{lang_EGroupware's_callback_URL_is_the_one_of_the_login_page}: <a href="{value_webserver_url}/login.php">{lang_Callback_URL}</a> {lang_EGroupware's_callback_URL_is_the_one_of_the_login_page}: <a href="{value_webserver_url}/login.php">{lang_Callback_URL}</a>
</td> </td>
</tr> </tr>
<tr class="row_on">
<td>{lang_Label_to_display_as_option_on_login_page}:<br/>{lang_or_leave_empty_and_select_OpenIDConnect_as_authentication_type_above_for_single_sign_on}</td>
<td><input name="newsettings[openidconnect_discovery]" placeholder="{lang_OpenIDConnect_Login}" value="{value_openidconnect_discovery}" size="20" /></td>
</tr>
<tr class="row_off"> <tr class="row_off">
<td>{lang_URL_of_the_IdP_(without_path)}:</td> <td>{lang_URL_of_the_IdP_(without_path)}:</td>
<td><input name="newsettings[oic_provider]" value="{value_oic_provider}" size="80" /></td> <td><input name="newsettings[oic_provider]" value="{value_oic_provider}" size="80" /></td>