Commit Graph

43 Commits

Author SHA1 Message Date
ralf
c49f7849bb * Mail: OAuth authentication for Microsoft (Office365, outlook.com, ...) and GMail 2023-01-16 16:56:51 -06:00
ralf
5bc7ed497c fix OAuth with Microsoft mail servers
Seems MS needs its v2.0 provider URL (https://login.microsoftonline.com/common/v2.0) to work, the default without v2.0 fails to log in via IMAP
2023-01-13 20:28:42 -06:00
ralf
4a70021f41 WIP Oauth authentication for Office365:
- add all Microsoft email domains
- using login.microsoftonline.com/common as OAuth provider URL
- use mail-server name to detect custom mail domains
--> auth with IMAP against outlook.office365.com still NOT working, probably needs some kind of further verification / being a Microsoft partner
2023-01-12 19:33:31 -06:00
ralf
6895d00160 WIP OAuth for mail, fixed not getting access-token from Microsoft
though it's still not working: "Mailserver denied authentication" with the access-token we get :(
Must be something weird and MS specific, as it's working now with GMail
2022-12-26 17:25:47 -06:00
ralf
71aabaea73 WIP OAuth for mail:
fixing some typos to test with Office365
2022-12-25 15:19:14 -06:00
ralf
14b6a9a5ab WIP OAuth authentication for mail: working now with Gmail 2022-12-25 14:49:37 -06:00
ralf
21f8a936a0 WIP OAuth/OpenIDConnect authentication for mail / Office365 mail service
Using now https://proxy.egroupware.org/oauth as redirect-url, redirecting to specific EGroupware instance specified in state query parameter
2022-12-24 12:12:57 -06:00
ralf
dc832ce12b WIP OAuth/OpenIDConnect authentication for mail / Office365 mail services
Mail wizard triggers on a *.onmicrosoft.com domain and then automatically uses Office365 servers with OpenIDConnect authentication
- access- and refresh-token get acquired with https://outlook.office.com/IMAP.AccessAsUser.All scope
ToDo:
- find out why Microsoft denies access with the returned access-token
- store access-token for its lifetime in the cache
- store refresh-token instead of password, to get a new access-token, if it's expired
--> add OAuth logic to mail client (not just wizard)
2022-12-23 14:33:19 -06:00
ralf
3c4b03ca3c * SAML/Univention: support for Univention SAML IdP for SSO incl. docu 2022-08-04 20:10:23 +02:00
ralf
733770ea36 * SAML: generate a self-signed certificate (not just the public key) 2022-07-11 20:27:49 +02:00
ralf
480e913151 add uid to selectable username attributes 2022-07-11 12:22:06 +02:00
Ralf Becker
df5cce7a74 * SAML/Shibboleth: fix metadata-URL to contain eduPersonUniqueId or a custom OID, if specified 2021-04-20 17:34:20 +02:00
Ralf Becker
673760f59d * Setup/SAML: fix not stored custom OID and added eduPersonUniqueId 2021-04-07 10:07:56 +02:00
Ralf Becker
fed41622c2 fixing all sorts of PHP 8 errors and PHPStorm errors 2021-03-31 17:50:01 +02:00
Ralf Becker
ffc048d472 fix PHP 8.0 Fatal error unknown function get_magic_quotes_gpc 2021-03-21 18:27:09 +01:00
Ralf Becker
47c8897642 fix typo and missing Accounts.php 2020-10-30 13:02:19 +01:00
Ralf Becker
3c956d0144 * Saml/Shibboleth/SmallPART: allow to use affiliation attribute to sync with Teachers group 2020-10-30 11:44:49 +01:00
Ralf Becker
55b615af5f config got "lost" after deleting the cache, caused by it being automatically unserialized 2020-10-02 08:38:51 +02:00
Ralf Becker
8df5371ffa fix wrong OID for mail attribute 2020-09-22 19:21:14 +02:00
Ralf Becker
3ee7574294 * Authentication: allow using multiple backends, even same backend multiple times with different configuration 2020-09-10 17:12:53 +02:00
Ralf Becker
4959281164 fix optional SAML/Shibboleth login fails when proxying as form field with name "auth=saml" get lost 2020-06-24 08:56:13 +02:00
nathangray
f0e074093c Ralf's fix for Saml for PHP 7.2 2020-06-23 10:21:07 -06:00
Ralf Becker
08b039c4fb fix some SAML/Shibboleth problems caused by EGroupware running in container behind proxy on host 2020-06-21 08:17:00 +02:00
Ralf Becker
7e81b733e1 fix typo in directory permissions 2020-06-18 10:48:56 +02:00
Ralf Becker
b7ed148371 * SAML: support joining a SAML account to an existing one, if configured in setup
notification of user does not yet work, as redirect on login page loses Api\Framework::message() :(
2020-06-11 16:03:54 +02:00
Ralf Becker
4c131c1866 SAML/Shibboleth with multiple IdP or optional on regular login page 2020-06-10 15:19:24 +02:00
Ralf Becker
4d2d14dd99 make running / generating SAML/Shibboleth config depending on an IdP configured 2020-05-29 10:25:31 +02:00
Ralf Becker
b1f79d1c40 * SAML/Shibboleth/SimpleSAMLphp authentication configurable through setup 2020-05-28 23:24:09 +02:00
Ralf Becker
9211d81732 suppress warning and trace (containing passwords) if userPassword attribute is not accessible 2020-04-16 12:16:04 +02:00
Ralf Becker
e3ede597dc * API: add SimpleSAMLphp for SAML/Shibboleth authentication and many more 2020-04-14 14:10:33 +02:00
Ralf Becker
5dcf1e842f fix for stable Univention 4.4-2 REST API 2019-09-30 12:37:48 +02:00
Ralf Becker
4f367e6bf1 * Univention: fix "Must change password upon next login" feature 2019-09-16 10:06:57 +02:00
Ralf Becker
e6dab124ee * Univention: fix not working password change (setting Kerberos credentials) 2018-07-13 09:58:38 +02:00
Ralf Becker
d2e05d5a41 fix Scrutinizer bug: Api\Auth\Exception does not exist 2016-08-28 12:51:19 +02:00
Ralf Becker
ffa5b37776 fix not working forced password change on login page with fallback auth 2016-07-27 10:19:48 +02:00
Ralf Becker
28cddb8e64 * Api: fixed not working HTTP authentication 2016-07-26 17:07:42 +02:00
Ralf Becker
f0a739d7ed * LDAP: fix not working password change by user 2016-07-26 08:47:31 +02:00
Ralf Becker
f4acec1b82 fix not working forced password change on login screen 2016-07-15 14:47:13 +02:00
Ralf Becker
dbf69a79c6 * Setup/Auth: fix PHP Fatal with Sqlssl authentication (Class EGroupware\Api\Auth\auth_sql not found) 2016-07-09 09:20:00 +02:00
Ralf Becker
8c6193d22f fix Scrutinizer "bugs" 2016-07-02 11:53:40 +02:00
Ralf Becker
25a1bf6360 fix missing use EGroupware\Api 2016-04-02 09:16:53 +00:00
Ralf Becker
00abda4682 moving emailadmin to api and admin, only emailadmin_hooks and tables still need moving 2016-03-28 18:51:38 +00:00
Ralf Becker
b95727bb6f move auth classes to Api\Auth, only Sql is currently tested! 2016-03-06 20:47:10 +00:00