GithubHelp home page GithubHelp logo

prodrivers / simplesamlphp-module-selfregister Goto Github PK

View Code? Open in Web Editor NEW

This project forked from geant/simplesamlphp-module-selfregister

0.0 2.0 0.0 42 KB

SimpleSaml Selfregister Module. Archived as no longer actively used or developed.

PHP 99.34% CSS 0.66%

simplesamlphp-module-selfregister's Introduction

Selfregister

This is a SimpleSAMLphp module that allows registration of users accounts. The original version was developed by UNINETT and supported LDAP as a backend. This fork adds support for SQL databases as the back-end.

The module needs an sqlauth:SQL authentication source as the place to store user accounts. You can use an existing authsource, just make sure the credentials used allow for writing.

People that want to sign up for an account need to fill in their e-mail address, and they get sent a URL with a token to confirm the address. Upon verification the user can then needs choose a username, a password, and values for first and last name. These values are stored in the SQL back-end. To store the password securely it is hashed with a salt, which is saved in a separate database column. This approach allows the database to do the password verification.

Enable this module the standard way (i.e. touching the file enable in the module directory, and copy the default configuration file to config/).

MySQL back-end

The default configuration file module_selfregister.php contains all the necessary statements.

###Database set-up

Create the database, add a user, and assign permissions:

CREATE DATABASE ssp_selfregister;
GRANT ALL on ssp_selfregister.* to 'ssp_user'@'localhost' IDENTIFIED by 'hackme';
FLUSH PRIVILEGES;

Create the table that will hold you users:

CREATE TABLE users (
    `userid` varchar(32) NOT NULL,
    `password` text NOT NULL,
    `salt` blob,
    `firstname` text,
    `lastname` text,
    `created` datetime NOT NULL,
    `email` varchar(255) NOT NULL,
    `updated` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
    PRIMARY KEY (`userid`),
    UNIQUE KEY `UE` (`email`)
    )

###authsource set-up

Create the accompanying authsource in config/authsources.php:

'selfregister-mysql' => array(
    'sqlauth:SQL',
        'dsn' => 'mysql:host=localhost;dbname=ssp_selfregister',
        'username' => 'ssp_user',
        'password' => 'hackme',
        'query' => 'SELECT userid, firstname, lastname, email FROM users WHERE userid = :username
                    AND password = SHA2 (
                        CONCAT(
                            (SELECT salt FROM users WHERE userid = :username),
                            :password
                        ),
                        512
                    )',
    ),

PostgreSQL back-end

###Database set-up

As the postgres super user, create a new role, and a new database that is owner by the new user:

createuser -D -I -R -S -P ssp_user
createdb -O ssp_user -T template0 ssp_selfregister

In order to use the crypto that is needed to do the password verification, you need to add the pgcrypto extension to the database. As the postgres super user:

psql ssp_selfregister
CREATE EXTENSION pgcrypto;

This in turn might depend on an extra package, for Debian/Ubuntu this is the postgresql-contrib package.

####authsource set-up

Create the accompanying authsource in config/authsources.php (and remember to update the auth statement in module_selfregister.php_:

'selfregister-pgsql' => array(
        'sqlauth:SQL',
        'dsn' => 'pgsql:host=ip6-localhost;dbname=ssp_selfregister',
        'username' => 'ssp_user',
        'password' => 'hackme',
        'query' => "
                SELECT userid, firstname, lastname, email FROM users WHERE userid = :username
                AND password = encode(
                    digest (CONCAT((SELECT salt FROM users WHERE userid = :username), :password::TEXT), 'sha512'),
                    'hex')",
),

Attribute mapping

Add the follwoing authproc filter to the IdP metadata (metadata/saml20-idp-hosted.php), so that the attributes will have the standard names:

'authproc' => array(

    10 => array(
        'class' => 'core:AttributeMap',
        'userid'    => 'uid',
        'email'     => 'mail',
        'lastname'  => 'sn',
        'firstname' => 'givenName',
    ),

simplesamlphp-module-selfregister's People

Contributors

dnmvisser avatar erny avatar jaimeperez avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.