You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2007-01-03 15:51:16

teide3718
Member
From: Canary Island - Spain
Registered: 2006-07-26
Posts: 25

Automatic Authentication

I followed the indications of this tips  http://glpi-project.org/wiki/doku.php?id=fr:authautoad  and it not worked. I have verified who the solution works by halves, in my case.

In Firefox after make the changes appears a new login windows but once indicated username and pass appears the tipical login windows of glpi. That is to say, I am due to validate twice.

With IE when I login against the AD everything goes way like before making the changes. If I don't login against the AD it happen exactly just as in Firefox.

I have XAMPP 2.1 and AD 2003.


part of my httpd.conf

...
#LoadModule auth_remote_module modules/mod_auth_remote.so
LoadModule sspi_auth_module modules/mod_auth_sspi.so
#LoadModule log_sql_module modules/mod_log_sql.so
...

...
#ocsinventory-ng RC3 configuration
Include conf/ocsinventory.conf

#glpi configuration
 <Directory "C:/Archivos de programa/OCS Inventory NG/xampp/htdocs/glpi">
  Options None
  Order allow,deny
  Allow from all
 
  AuthName "Acceso Restringido"
  AuthType SSPI
  SSPIAuth On
  SSPIAuthoritative On
  SSPIOfferBasic On
  require valid-user
  </Directory>

part of my index.php

...
if (!empty($cfg_glpi["cas_host"])&&!isset($_GET["noCAS"])) {
        glpi_header("login.php");
    }

    if ( isset($_SERVER["REMOTE_USER"])){          
          $pos = stripos($_SERVER["REMOTE_USER"],"");
                if (! $pos === false ){
            $login = substr($_SERVER["REMOTE_USER"], $pos + 1);
            if ( $login != '' ){
              header("Location: login.php?login_name=".$login);
               }
            }
    }

    // Send UTF8 Headers
    header("Content-Type: text/html; charset=UTF-8");
...

part of my login php

...
$_POST['login_password']=unclean_cross_side_scripting_deep($_POST['login_password']);

$http_auth = false;
if ( isset($_SERVER["REMOTE_USER"])){
  $pos = stripos($_SERVER["REMOTE_USER"],"");
  if (! $pos === false ){
    $login = substr($_SERVER["REMOTE_USER"], $pos + 1);
    if ( $login != '' ){
      $_POST['login_name'] = $login;
      $http_auth = true;
    }
  }
}
if (!isset($_POST["noCAS"])&&!empty($cfg_glpi["cas_host"])) {
...

...
if (!$auth_succeded) // Pas de tests en configuration CAS
    if ((empty($_POST['login_name'])||empty($_POST['login_password'])) && !$http_auth){
        $identificat->err=$lang["login"][8];
...

...
//if ($auth_succeded) $user_present = $identificat->user->getFromDBbyName(utf8_decode($_POST['login_name']));


        }
        // try HTTP authentication
        if ($http_auth){
          
          $found_dn=false;
          $auth_succeded=0;
          $found_dn=$identificat->ldap_get_dn_active_directory($cfg_glpi["ldap_host"],$cfg_glpi["ldap_basedn"],$_POST['login_name'],$cfg_glpi["ldap_rootdn"],$cfg_glpi["ldap_pass"],$cfg_glpi["ldap_port"]);
          
          if ($found_dn!=false){
            $auth_succeded = true;
            $identificat->extauth=1;
            $user_present = $identificat->user->getFromDBbyName($_POST['login_name']);
            $identificat->user->getFromLDAP_active_directory($cfg_glpi["ldap_host"],$cfg_glpi["ldap_port"],$found_dn,$cfg_glpi["ldap_rootdn"],$cfg_glpi["ldap_pass"],$cfg_glpi['ldap_fields'],$_POST['login_name'],$cfg_glpi["ldap_condition"]);        }

        }

        // Second try IMAP/POP
...

That you have many gifts and thank for your help.

Last edited by teide3718 (2007-01-24 15:25:39)

Offline

#2 2007-01-09 00:53:19

jimh
Member
Registered: 2007-01-09
Posts: 3

Re: Automatic Authentication

I have been reading as many "auth" documents and threads as I can find.  That includes the thread you refer to. 

I can not see anything wrong with what you have configured, but I am not an AD user (or SSPI user).

It is asking for ID/password a second time.  The first time I am guessing the Web Server is asking to satisfy the "require valid user".  But then it seems like GLPI does not recognize that you have REMOTE_USER set.  I think I would just add some in-line debugging (echo $_SERVER["REMOTE_USER]; ) to see if REMOTE_USER is correctly set at each step of your modified login/index.php.  Since the Web server is testing first for valid user before processing thos pages, REMOTE_USER should always be set.

I have some other questions about HTTPD auth, but for a new thread.

Jim

Offline

#3 2007-01-09 10:55:29

teide3718
Member
From: Canary Island - Spain
Registered: 2006-07-26
Posts: 25

Re: Automatic Authentication

I'm going to add that line to see what happens.

Thanks Jim

Offline

#4 2007-01-10 10:31:25

teide3718
Member
From: Canary Island - Spain
Registered: 2006-07-26
Posts: 25

Re: Automatic Authentication

Adding this for debugging "echo $_SERVER["REMOTE_USER];"
I had this error "Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in C:\Archivos de programa\OCS Inventory NG\xampp\htdocs\glpi\index.php on line XX"

Sorry but I don't have any knowledge of php. What I make bad? sad

I read this thread http://www.glpi-project.org/forum/viewtopic.php?id=1397 looking for something of light but my French knowledge is the same as php and Google Traslate either help to much.

José Ramón

Last edited by teide3718 (2007-01-10 10:43:32)

Offline

#5 2007-01-10 18:34:28

jimh
Member
Registered: 2007-01-09
Posts: 3

Re: Automatic Authentication

Oops, I omitted a single quote after REMOTE_USER in my example, so that may be the problem.

I suggested

echo $_SERVER["REMOTE_USER"];

but this may fail if that is not set, so my general idea is to just add some in-line echo that tells you if this isset is evaluating to true:

if ( isset($_SERVER["REMOTE_USER"])){
  $pos = stripos($_SERVER["REMOTE_USER"],"");

you could simply add:

  echo "remote user looks like it is set!!;"  right after this or add echo "not set!" on other side of that "if".

If REMOTE_USER is not being set, I am not sure I am much help.  I am running Apache on Linux with PubCookie (that sets REMOTE_USER).  Looks like you are running Windows and not sure what Web server or modules.

Ciao,

Jim

Offline

#6 2007-01-12 15:26:20

teide3718
Member
From: Canary Island - Spain
Registered: 2006-07-26
Posts: 25

Re: Automatic Authentication

Ok, REMOTE_USER is set!! smile

Now, how I add a echo line to show the content of the login var?

I have added a line like this  ==>   echo ("The content of de login var is:".$login);

I don't know if is correct, I don't obtain syntax error.


if ( isset($_SERVER["REMOTE_USER"])){
          $pos = stripos($_SERVER["REMOTE_USER"],"");
                if (! $pos === false ){
            $login = substr($_SERVER["REMOTE_USER"], $pos + 1);
            if ( $login != '' ){
              header("Location: login.php?login_name=".$login);
               }
            }
echo ("The content of login var is:".$login); 
}

I have made it for both login and pos var but nothing show.

Any idea, thank

Last edited by teide3718 (2007-02-05 10:39:38)

Offline

#7 2007-01-24 17:00:17

teide3718
Member
From: Canary Island - Spain
Registered: 2006-07-26
Posts: 25

Re: Automatic Authentication

With a CAS server I would have less problems? hmm

Offline

#8 2007-01-29 16:12:13

teide3718
Member
From: Canary Island - Spain
Registered: 2006-07-26
Posts: 25

Re: Automatic Authentication

Some explanations:
We needed automatic authentication because we are implementing authentication by means of smart cards and the program eToken of Aladdin. So the password of the users will be its electronic certificate/signature.

At the moment both systems stay, the ordinary of Windows and on card.

You think that this can influence in the error? I think that no. It happens the same validating to me with CTRL+ALT+SUPR like with card.

Thanks again.

Last edited by teide3718 (2007-01-29 16:30:05)

Offline

#9 2007-02-05 10:52:38

teide3718
Member
From: Canary Island - Spain
Registered: 2006-07-26
Posts: 25

Re: Automatic Authentication

Taking advantage of a little tranquillity in the work I have read over php. I have modified my line.

echo "The content of login var is:".$login."<br>";

The pos and login variables don't give back any value.
What I can do from here?

Thanks

Offline

#10 2007-02-05 14:30:10

teide3718
Member
From: Canary Island - Spain
Registered: 2006-07-26
Posts: 25

Re: Automatic Authentication

With this code:

if ( isset($_SERVER["REMOTE_USER"])){
        echo "The content of REMOTE_USER var is:".$_SERVER["REMOTE_USER"]."<br>";
        $pos = stripos($_SERVER["REMOTE_USER"],"");
        echo "The content of pos var is:".$pos."<br>";
        if (! $pos === false ){
            $login = substr($_SERVER["REMOTE_USER"], $pos + 1);
            echo "The content of login var is:".$login."<br>";
            if ( $login != '' ){
                header("Location: login.php?login_name=".$login);
            }
        }
    }

I obtain this:

The content of REMOTE_USER var is: DOMAINNAME\USERID
The content of pos var is:

If I try to validate myself typing DOMAINNAME\USERID, the validation fails.
And with this code:

if ( isset($_SERVER["REMOTE_USER"])){
        echo "The content of REMOTE_USER var is:".$_SERVER["REMOTE_USER"]."<br>";
        $pos = stripos($_SERVER["REMOTE_USER"],"\\");
        echo "The content of pos var is:".$pos."<br>";
        if (! $pos === false ){
            $login = substr($_SERVER["REMOTE_USER"], $pos + 1);
            echo "The content of login var is:".$login."<br>";
            if ( $login != '' ){
                header("Location: login.php?login_name=".$login);
            }
        }
    }

I obtain this:
The content of REMOTE_USER var is: DOMAINNAME\USERID
The content of pos var is:4 (my domain name is 4 characters long)
The content of login var is: USERID

This seems more correct but it does not work either. sad

Last edited by teide3718 (2007-02-05 14:32:39)

Offline

#11 2007-02-05 16:45:01

teide3718
Member
From: Canary Island - Spain
Registered: 2006-07-26
Posts: 25

Re: Automatic Authentication

Solved!!
Changing this line:

$pos = stripos($_SERVER["REMOTE_USER"],"");

to

$pos = stripos($_SERVER["REMOTE_USER"],"\\");

in both index.php and login.php

And removing the lines added for debug. All work fine. big_smile   

I hope that this help to others.

Offline

#12 2007-06-27 15:42:24

teide3718
Member
From: Canary Island - Spain
Registered: 2006-07-26
Posts: 25

Re: Automatic Authentication

I have verified when work with Firefox happens some incidences.
For example when I assign an incidence to a technician appears window of “Authentication Required” for both "" and "Restricted Access" asking for user and password.
Also I have some users with Mac, happens the same, not being able to open an incidence.

Greetings

Last edited by teide3718 (2007-06-27 15:49:03)

Offline

Board footer

Powered by FluxBB