You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2020-12-11 17:36:28

rsimoes
Member
Registered: 2020-12-11
Posts: 10

GLPI and Single Sign On (SSO)

Good afternoon everyone,

We started a new project, in our company, using GLPI.

At this point, we are now able to authenticate ourselves to the application with domain accounts.

However, to make life easier for users, we intended to implement SSO "mechanism".

We have searched in several forums, but without success so far.

Our configuration is as follows:
Version GLPI: glpi-9.5.3
HTTP Server: Apache/2.4.41
OS: Ubuntu 20.04.1 LTS
DB: 10.3.25-MariaDB-0ubuntu0.20.04.1

Best regards

Offline

#2 2020-12-11 19:15:30

vincent_de
Member
Registered: 2020-10-06
Posts: 14

Re: GLPI and Single Sign On (SSO)

Hello,

For that we use a CAS server.
In GLPI it is configured in configuration>authentication>others.
You have to install phpcas, it is not included anymore.
is this what you are looking for ?

Best regards,

Offline

#3 2020-12-14 12:25:18

mklimasz
Member
Registered: 2017-12-14
Posts: 82

Re: GLPI and Single Sign On (SSO)

Hi

We're using PHP SAML plugin there and it works as expected. Configuration is easy (just the landing page and certificate), yet some care must be taken, because I haven't really discovered any way to bypass the SSO once it is enabled (one of my other posts on this forum) - and if something would just prevent authentication, then the only way I know is via direct GLPI database modification (to disable the plugin).

Offline

#4 2020-12-14 19:52:43

rsimoes
Member
Registered: 2020-12-11
Posts: 10

Re: GLPI and Single Sign On (SSO)

Good afternoon. Thanks for the answer.
It is a good solution. Do you have any example of configuration with Microsoft active directory ?.

Any tips?

Greetings

vincent_de wrote:

Hello,

For that we use a CAS server.
In GLPI it is configured in configuration>authentication>others.
You have to install phpcas, it is not included anymore.
is this what you are looking for ?

Best regards,

Offline

#5 2020-12-14 19:56:21

rsimoes
Member
Registered: 2020-12-11
Posts: 10

Re: GLPI and Single Sign On (SSO)

Good afternoon. Thanks for the answer.
This plugin would also be interesting but we wanted to maintain the various types of authentication and not just SSO.

greetings


mklimasz wrote:

Hi

We're using PHP SAML plugin there and it works as expected. Configuration is easy (just the landing page and certificate), yet some care must be taken, because I haven't really discovered any way to bypass the SSO once it is enabled (one of my other posts on this forum) - and if something would just prevent authentication, then the only way I know is via direct GLPI database modification (to disable the plugin).

Offline

#6 2020-12-26 21:33:00

finalbeta
Member
Registered: 2018-12-06
Posts: 19

Re: GLPI and Single Sign On (SSO)

We user a reverse proxy (KEMP) in the past that authenticated the user and send the username/password as HTTP authentication to the backend GLPI server in the past.
Now I use Azure Application proxy to authenticate users against AzureAD. The Application proxy then sends the logon in the HTTP header (that feature is in public preview). GLPI then picks up the username through HTTP authentication again. The advantage on that is I have no open ports to my DC and I don't need LDAP/SAML etc that takes it's own kind of special config.

Offline

#7 2021-03-25 12:40:01

rsimoes
Member
Registered: 2020-12-11
Posts: 10

Re: GLPI and Single Sign On (SSO)

Thanks for the answer. We do not currently have a license for azure AD. But this solution is very interesting

Offline

#8 2021-03-28 08:42:30

oj69
Member
From: Somewhere in the cloud
Registered: 2021-02-01
Posts: 157

Re: GLPI and Single Sign On (SSO)

mklimasz wrote:

Hi

We're using PHP SAML plugin there and it works as expected.

Is the PHP SAML plugin only available with a paid subscription ?

Offline

#9 2021-03-31 19:25:16

derricksmith01
Member
Registered: 2012-10-22
Posts: 11
Website

Re: GLPI and Single Sign On (SSO)

oj69 wrote:
mklimasz wrote:

Hi

We're using PHP SAML plugin there and it works as expected.

Is the PHP SAML plugin only available with a paid subscription ?

Hi there, I'm the plugin author and it was released AGPL - no subscription necessary.  Happy to answer any questions.

Offline

#10 2022-10-31 14:24:02

Megachip
Member
Registered: 2014-05-02
Posts: 109

Re: GLPI and Single Sign On (SSO)

Have good experiences with https://github.com/edgardmessias/glpi-singlesignon Esp. cause the SAML plugin isn't available for newer glpi releases

Last edited by Megachip (2022-10-31 14:25:24)

Offline

#11 2022-11-09 12:15:23

elprimo
Member
Registered: 2022-11-08
Posts: 8

Re: GLPI and Single Sign On (SSO)

Hey! could you please provide us the configuration of adding a provider on this plusin. Also do you know what app permission to attribute for azure application while registering it for GLPI-SSO ?

Megachip wrote:

Have good experiences with /github..../glpi-singlesignon Esp. cause the SAML plugin isn't available for newer glpi releases

Last edited by elprimo (2022-11-09 12:16:30)

Offline

#12 2023-03-15 07:52:15

edward
Member
Registered: 2020-07-26
Posts: 1

Re: GLPI and Single Sign On (SSO)

derricksmith01 wrote:
oj69 wrote:
mklimasz wrote:

Hi

We're using PHP SAML plugin there and it works as expected.

Is the PHP SAML plugin only available with a paid subscription ?

Hi there, I'm the plugin author and it was released AGPL - no subscription necessary.  Happy to answer any questions.

derricksmith01 wrote:

Hello, I'm the creator of the PHPSAML plugin that is available on the glpi-plugins site.  The plugin implaments SAML authentication in GLPI and has several configuration options to make it flexible.  Check out my repo at  for the latest updates or if you have any issues.


Hi Derrick,

I've setup and used your plugin.
I'm using glpi v 10.0.0.6 and the plugin(1.2.1) doesn't seem to create a configuration node under setup, I have to access the configuration from the plugins page.

I noticed the plugin doesn't seem to pull the users firstname
I  want to pull additional info from azure
I would like to pull additional attributes and user groups from azure.

I want to pull these groups into glpi groups so I can do different assignments based on groups.

Offline

#13 2023-07-26 13:17:58

shigol
Member
Registered: 2023-07-26
Posts: 1

Re: GLPI and Single Sign On (SSO)

I install PHP SAML plugin
Can you tell me why I get a blank page if I open GLPI_HOME/plugins/phpsaml/front/meta.php

All data is filled in GLPI_HOME/plugins/phpsaml/front/config.php

Last edited by shigol (2023-07-26 13:19:52)

Offline

#14 2023-12-27 20:12:33

alcionemorais
Member
Registered: 2023-12-27
Posts: 1

Re: GLPI and Single Sign On (SSO)

Can you help me with plugin: glpi-singlesignon
Send a printout of how you used it to alcione-morais@hotmail.com
thank you very much

Offline

#15 2024-04-02 01:05:06

donutsNL
Member
Registered: 2022-01-12
Posts: 7

Re: GLPI and Single Sign On (SSO)

Hi there.

I have been maintaining the phpsaml repository for over a year now. My updated version should work on the latest glpi. github.com/DonutsNL/phpsaml

I have also been rewriting the plugin to utilize native glpi objects where possible. I could realy use some help with testing. The beta can be found here: github.com/DonutsNL/glpisaml

Regards, DonutsNL

Offline

#16 2024-04-16 16:10:52

khaegebaert
Member
Registered: 2016-07-04
Posts: 11

Re: GLPI and Single Sign On (SSO)

H DonutsNL, hope you're still working on this, the link to github is down, found the repository at https://packagist.org/packages/donutsnl/glpisaml#v1.1.0
I'm trying to test it out but need some info...

Offline

#17 2024-05-20 14:26:50

Mamo
Member
From: Czech republic
Registered: 2023-05-15
Posts: 25

Re: GLPI and Single Sign On (SSO)

Hi everybody,

I have question about LDAP user properties.

I use GLPISAML plugin for SSO and it works. I use AD FS as IdP.
When it creates new user, it puts "username" and "email" into GLPI user db. I set some settings by "GLPI SAML - Saml import rules".

Can someone answer me?
Is it any way to get other user properties from LDAP IdP by using GLPISAML plugin?

I thought of using the built-in support for LDAP (Setup/Authencation/LDAP directory) to update glpi user properties from LDAP. I'm not sure if this is the right way at all and if it will work.


Thanks for answer.
Martin

Offline

#18 2024-05-20 14:29:47

Mamo
Member
From: Czech republic
Registered: 2023-05-15
Posts: 25

Re: GLPI and Single Sign On (SSO)

I forgot to add - I use Linux Debian and Apache2.

Offline

#19 2024-05-20 18:05:31

sIBajHYG
Member
From: Mission [KS]
Registered: 2023-08-18
Posts: 75

Re: GLPI and Single Sign On (SSO)

Mamo wrote:

Hi everybody,
I have question about LDAP user properties.
Thanks for answer.
Martin

When importing new groups, importing/synchronizing users (LDAP) - you can get all attributes from the Active Directory.
HCxtUd.jpg
Connection Filter: (&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(samaccountname=*$)))
Login Field: samaccountname

Last edited by sIBajHYG (2024-05-20 19:06:09)


Linux ubuntu-22.04.2-live-server-amd64, PHP 8.1.2, Apache 2.4.52, MariaDB 10.6.12, GLPI 10.0.15.
GLPI Inventory 1.3.5, PHP SAML 1.3.0,  Oauth IMAP 1.4.3, Additional Fields, 1.21.8,Ticket Cleaner.

Offline

#20 2024-05-21 10:18:40

Mamo
Member
From: Czech republic
Registered: 2023-05-15
Posts: 25

Re: GLPI and Single Sign On (SSO)

Thank you for your response.

Yes, I understand it.
But can I combine it with the GLPISAML plugin?

Offline

#21 2024-05-28 00:36:34

donutsNL
Member
Registered: 2022-01-12
Posts: 7

Re: GLPI and Single Sign On (SSO)

Hi,
My latest (still being tested) version should allow both ldap sync and auth using saml. Make sure that the nameID saml property is populated by the Entra/Idp with what ever ldap sets to the username during sync and that the NameId format is compliant with that property. The latest version is available in my branch, BE AWARE ITS NOT FULLY TESTED YET. For help create an issue in my @codeberg repo or join my Discord (link in the plugins readme.md).

Rgrds,

h t t p s://codeberg.org/QuinQuies/glpisaml/src/branch/DonutsNL-v1.1.3

Last edited by donutsNL (2024-05-28 00:37:51)

Offline

#22 2024-05-28 12:01:49

joseluis.teixeira
Member
From: PT - GMR
Registered: 2013-05-07
Posts: 51

Re: GLPI and Single Sign On (SSO)

Thank you for sharing!

SAML and SSO will be on my project soon, will test it!

Offline

Board footer

Powered by FluxBB