Delegated authentication configuration

name:: Combodo-hybridauth-configuration
description:: Configure authentification delegation through an external provider
version:: 1.0.0
release:: 2024-01-25
itop-version-min:: 2.0
state:: stable

This extension provides a dedicated screen to ease authentication delegation inside iTop. With this new screen you can configure your external provider (ID/SECRET) and also enable/tune iTop account on the fly creation (user + contact).

Revision History

Version	Release Date	Comments
1.0.0	2024-01-25	First version

Limitations

Compatible with minimum iTop 3.x

Requirements

Installation / Configuration

Nothing to do except install and enable this extension in iTop.

Usage

Current extension proposes a screen for external authentication delegation.

Some configuration settings are not proposed on this screen. But they will be preserved at save action if you previously bypassed the screen and used iTop Configuration page directly

For advanced unavailable settings please refer to https://wiki.combodo.com/doku.php?id=extensions:combodo-hybridauth

Menu access

Configuration page is available when logged in as administrator.

Main screen

When clicking on 'save' button all settings are saved in iTop configuration.

When a specific provider is enabled you can also save immediately the configuration and validate external authentication through selected provider. It consists in successively saving your settings, disconnecting from iTop and trying to reconnect through external provider.

Advanced Configuration

Menu/screen access

By default this new screen is accessible only by Administrators. If you want to give access to other profiles please customize your iTop like below XML snippet does for profile with id=6:

  <user_rights>
    <profiles>
      <profile id="6" _delta="must_exist">
        <!-- id=3 correspond to the Superuser -->
        <groups>
          <group id="RessourceHybridAuthMenu" _delta="define">
            <actions>
              <action id="action:write">allow</action>
            </actions>
          </group>
        </groups>
      </profile>
     <profiles>
  <user_rights>

External provider list

By default all available hybridauth/hybridauth lib providers are proposed from below V3.11.0 library

https://hybridauth.github.io/providers.html

You can restrict the proposed providers likewise in the iTop configuration

$MyModuleSettings = array(
    'combodo-hybridauth-configuration' => array (
        'ui_proposed_providers' => array (
            0 => 'Google',
            1 => 'MicrosoftGraph',
        ),
    ),
)

The drop down list will restrict to the listed providers. but it will also propose any other provider listed in combodo-hybridauth configuration section (cf “My provider” in below example section)

Example

'combodo-hybridauth' => array (
    'debug' => true,
    'default_profile' => 'Portal User',
    'providers' => array (
        'My provider' => array(),
    ),
),

Sidebar