I moved to: https://codeberg.org/QuinQuies

This plugin is a full rewrite of Derrick Smith's initial SAML plugin for GLPI10+. It's redesigned to be compatible with GLPI10+, PSR and Composer, and to support multiple SAML IdPs, user right rules and more.
I have tried to test it, but when I save I get this error:
"Error: Unable to add new GlpiSaml configuration!!!"
Leaving a line without text in the configuration, any suggestions?
@DonutsNL Hey, I hope you're doing well. I just needed some information about the plugin's enforced option. When we enforce the plugin we no longer have the option to connect to GLPI directly. Is there any way that we can still access the GLPI login page through another URL?
I can give you an example: if we enforce the plugin, GLPI should be accessible through www.exemple-glpi.com/index.php and the direct connection page would be at the URL www.exemple-glpi.com/index.php?noAUTO=1
The logout is not yet fully implemented. The plugin currently depends on GLPI's default logout functionality but does not log the user out of the IDP. Clicking the login button will simply log the user back in using the existing IDP session. In addition, the sessions are not registered correctly in the GLPISAML session database that keeps track of all active sessions. Because the logout action is not yet properly administered, the cross-checking functions of the plugin might fail because the sessions can get into an inconsistent state. This might lead to login errors like 'did not expect saml response from this IDP' on login.
The workaround if this occurs is to close all browsers and start over.
Thank you for this v2.
However, I have a problem: once I've created my SSO configuration, I can't go back to it, because I can't click anywhere as the name is not displayed:
Clean code is essential. I'm not happy with all the HTML in the classes.
Let's implement Twig templates that allow for cleaner logic, filtering and much more.
Hello,
I am using your glpisaml plugin to make an SSO connection with my Azure AD to log in my GLPI site.
I am facing this issue: "The response was received at http://{GLPI}/marketplace/glpisaml/front/acs.php instead of https://{GLPI}/marketplace/glpisaml/front/acs.php" (see capture). I don't know where I can find the redirection.
Because my GLPI is on HTTPS and is behind a reverse proxy.
I'm sure it's not the Azure AD config. I think it is an issue with the PHP file acs.php, but I have no idea how to resolve it.
The current login button implementation might give away a lot of information about customers or IDPs linked to the GLPI instance. There might be an alternative route where no information about the configured IDPs is exposed in this way.
The idea is to 'capture' the user's login email address using the username field and match its domain against the configured IDPs. If a match is successful, it will perform the login using that IDP. For this purpose the following field has been introduced.
We can toggle the visibility of the login button based on this field being used.
Currently the 'is enabled' option will only remove the login button from the login page. Its state is not yet evaluated in the login flow. Triggering a disabled IDP should lead to an error and should not cause glpisaml to perform a samlRequest to the IDP.
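As an added example (not the plugin's own code), the two notes above combined: the IdP is resolved from the domain of the typed username, and a disabled IdP is refused before any samlRequest is built. The configuration array, its field names (`domain`, `enabled`) and the function name are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample configuration; field names are assumptions, not the plugin's schema.
const IDP_CONFIGS = [
    ['id' => 1, 'domain' => 'example.org',  'enabled' => true],
    ['id' => 2, 'domain' => 'partner.test', 'enabled' => false],
];

/**
 * Resolve the IdP for a username typed into the login form (hypothetical helper).
 * Returns the IdP id, or null when the normal GLPI login should be used.
 * Throws when the matching IdP is disabled, so the caller never starts a SAML flow for it.
 */
function resolveIdpForUsername(string $username, array $configs): ?int
{
    $at = strrpos($username, '@');
    if ($at === false || $at === strlen($username) - 1) {
        return null; // not an email address: fall back to the normal login
    }
    // Normalise: lower-case and drop a trailing dot ("example.org." is the same host).
    $domain = strtolower(rtrim(substr($username, $at + 1), '.'));

    foreach ($configs as $idp) {
        // Exact match only: "sub.example.org" or "example.org.other.test"
        // must not select the IdP configured for "example.org".
        if (strtolower($idp['domain']) !== $domain) {
            continue;
        }
        if (empty($idp['enabled'])) {
            throw new RuntimeException('IdP is disabled');
        }
        return (int) $idp['id'];
    }
    return null; // unknown domain: reveal nothing about the configured IdPs
}

// Constructed usernames covering the match, no-match and disabled cases.
foreach (['alice@Example.ORG', 'bob@sub.example.org', 'carol', 'dave@partner.test'] as $u) {
    try {
        $id = resolveIdpForUsername($u, IDP_CONFIGS);
        echo $u, ' => ', $id === null ? 'normal login' : "IdP $id", PHP_EOL;
    } catch (RuntimeException $e) {
        echo $u, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Because unknown domains and non-email usernames take the same path as a normal login, the login page itself does not have to list which IdPs are configured.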
It would be very helpful if you guys could help me test this plugin. The current version should be functional enough to allow multiple SAML IDPs for authentication with dynamic user creation. Your testing efforts will greatly help me fix premature issues in the code and its logic.
I will be moving forward and try to implement rules as well before addressing more advanced logout stuff. Currently the plugin will NOT log the user out of the IDP, just out of GLPI. Pressing the button will simply log the user back in unless the account was deleted or deactivated.