Delegated authentication configuration
- name:
- Combodo-hybridauth-configuration
- description:
- Configure authentification delegation through an external provider
- version:
- 1.0.0
- release:
- 2024-01-25
- itop-version-min:
- 2.0
- state:
- stable
This extension provides a dedicated screen to ease authentication delegation inside iTop. With this new screen you can configure your external provider (ID/SECRET) and also enable/tune iTop account on the fly creation (user + contact).
Revision History
Version | Release Date | Comments |
---|---|---|
1.0.0 | 2024-01-25 | First version |
Limitations
Compatible with minimum iTop 3.x
Requirements
Installation / Configuration
Nothing to do except install and enable this extension in iTop.
Usage
Current extension proposes a screen for external authentication delegation.
For advanced unavailable settings please refer to https://wiki.combodo.com/doku.php?id=extensions:combodo-hybridauth
Menu access
Configuration page is available when logged in as administrator.
Main screen
When clicking on 'save' button all settings are saved in iTop configuration.
When a specific provider is enabled you can also save immediately the configuration and validate external authentication through selected provider. It consists in successively saving your settings, disconnecting from iTop and trying to reconnect through external provider.
Advanced Configuration
Menu/screen access
By default this new screen is accessible only by Administrators. If you want to give access to other profiles please customize your iTop like below XML snippet does for profile with id=6:
<user_rights> <profiles> <profile id="6" _delta="must_exist"> <!-- id=3 correspond to the Superuser --> <groups> <group id="RessourceHybridAuthMenu" _delta="define"> <actions> <action id="action:write">allow</action> </actions> </group> </groups> </profile> <profiles> <user_rights>
External provider list
-
By default all available hybridauth/hybridauth lib providers are proposed from below V3.11.0 library
https://hybridauth.github.io/providers.html
-
You can restrict the proposed providers likewise in the iTop configuration
$MyModuleSettings = array( 'combodo-hybridauth-configuration' => array ( 'ui_proposed_providers' => array ( 0 => 'Google', 1 => 'MicrosoftGraph', ), ), )
-
The drop down list will restrict to the listed providers. but it will also propose any other provider listed in combodo-hybridauth configuration section (cf “My provider” in below example section)
Example
'combodo-hybridauth' => array ( 'debug' => true, 'default_profile' => 'Portal User', 'providers' => array ( 'My provider' => array(), ), ),