|
|
| Line 1: |
Line 1: |
| An authentication plugin has some additional requirements over a regular plugin. Here we list the requirements.
| | === Internal database === |
| | This plugin is the default and can not be disabled. It uses the built in LimeSurvey database. It is a fall-back mechanism to that you can always login to the installation when needed. |
|
| |
|
| To make creating your own authentication plugin easier, you should extend the abstract [https://github.com/LimeSurvey/LimeSurvey/blob/master/application/libraries/PluginManager/AuthPluginBase.php AuthPluginBase] class.
| | === LDAP === |
| | By activating this plugin you can perform basic authentication against an LDAP server. Make sure your PHP configuration has LDAP support enabled. |
|
| |
|
| To get an idea of the possibilities, check out the three core authentication plugins (check their pages for more information about configuration options):
| | '''Enabling and configuring settings for plugin AuthLDAP v2.05+''' |
| * [https://github.com/LimeSurvey/LimeSurvey/blob/master/application/core/plugins/Authdb/Authdb.php Authdb] Database authentication - this is the default method for all new LimeSurvey installations.[[Core_plugins#Internal_database|info]]
| |
| * [https://github.com/LimeSurvey/LimeSurvey/blob/master/application/core/plugins/Authwebserver/Authwebserver.php Authwebserver] Webserver authentication - This one skips the login form, and provides methods for user creation. [[Core_plugins#Webserver_authentication|info]]
| |
| * [https://github.com/LimeSurvey/LimeSurvey/blob/master/application/core/plugins/AuthLDAP/AuthLDAP.php AuthLDAP] LDAP authentication - Adds a custom error message and relies on a user being present in the LimeSurvey database. [[Core_plugins#LDAP|info]]
| |
|
| |
|
| There are 6 events you can subscribe to:
| | Enable LDAP in PHP.INI. |
| | Verify that phpinfo.php shows that LDAP is enabled. |
| | Go to LimeSurvey Plugin Manager. |
| | Configure LDAP plugin. |
| | Example settings: |
| | Ldap server e.g. ldap://ldap.mydomain.com: ldap://ldap.mydomain.com |
| | Port number (default when omitted is 389): |
| | LDAP version (LDAPv2 = 2), e.g. 3: 3 |
| | Username prefix cn= or uid=: cn= |
| | Username suffix e.g. @mydomain.com or remaining part of ldap query: ,OU=people,DC=mydomain,DC=com |
| | Create a LimeSurvey administrator with the same name as a AD(active directory) user account. |
| | Log in using the AD credentials(username and password). |
|
| |
|
| == beforeLogin == | | === Webserver authentication === |
| This is called first, and can possibly disable the loginform, for example when webserver authentication is used and we trust on that. To do this, use ''$this->setAuthPlugin()''
| | This plugin leaves authentication to the webserver and reads the result from a configurable server setting. This method has been around for a while, and was configured from config.php. If you used this authentication, you should enable the plugin in the plugins menu and move your configuration from config.php to the plugin's settings. Feel free to contact the team via the bugtracker or irc-channel if it no longer functions the way it did before. |
| | |
| == newLoginForm ==
| |
| Here you can add your own elements to the form. You should add your username/password elements, but could also add a domain selector or anything else you need. This will only be shown when the selected authentication method was chosen on the selector that is added when more then one plugin is present. When your authentication plugin does not need a form, and can not be selected as an option (like webserver authentication) you should not add a form element here.
| |
| <syntaxhighlight lang="php">
| |
| $this->getEvent() // Get the current event
| |
| ->getContent($this) // Get the content for this plugin
| |
| ->addContent(CHtml::tag( // And add some content to it
| |
| 'li',
| |
| array(),
| |
| "<label for='user'>" . gT("Username") . "</label><input name='user' id='user' type='text' size='40' maxlength='40' value='' />"))
| |
| ->addContent(CHtml::tag(
| |
| 'li',
| |
| array(),
| |
| "<label for='password'>" . gT("Password") . "</label><input name='password' id='password' type='password' size='40' maxlength='40' value='' />"));
| |
| </syntaxhighlight>
| |
| | |
| == afterLoginFormSubmit ==
| |
| When the form for this plugin was submitted, this event is called. Here you can handle setting the values to the plugin. This event is also called when there was no form submitted and form display was canceled in the beforeLogin event.
| |
| | |
| == newUserSession ==
| |
| This is where the real authentication takes place. You should use $this->setAuthSuccess($oUser) for a successful attempt and provide a User object. If you fail to do so it will result in an authentication failure. If you need to provide a message about why the authentication failed, you can do so by using $this->setAuthFailure($code, $message) where code is any code other than 0. The code is not used at this moment. The message should be a message in English, localised using the available tools in the plugin api. See the general plugin documenation for more information about that topic. | |
| | |
| == beforeLogout ==
| |
| This is fired before the user is destroyed and the session regenerated. This is the time for cleanup / logout in external systems if needed.
| |
| | |
| == afterLogout ==
| |
| When the user is destroyed, you might want to redirect to a different page then currently defined. This is the right place to do so.
| |
| | |
| [[Category:Plugins]]
| |
Internal database
This plugin is the default and can not be disabled. It uses the built in LimeSurvey database. It is a fall-back mechanism to that you can always login to the installation when needed.
LDAP
By activating this plugin you can perform basic authentication against an LDAP server. Make sure your PHP configuration has LDAP support enabled.
Enabling and configuring settings for plugin AuthLDAP v2.05+
Enable LDAP in PHP.INI.
Verify that phpinfo.php shows that LDAP is enabled.
Go to LimeSurvey Plugin Manager.
Configure LDAP plugin.
Example settings:
Ldap server e.g. ldap://ldap.mydomain.com: ldap://ldap.mydomain.com
Port number (default when omitted is 389):
LDAP version (LDAPv2 = 2), e.g. 3: 3
Username prefix cn= or uid=: cn=
Username suffix e.g. @mydomain.com or remaining part of ldap query: ,OU=people,DC=mydomain,DC=com
Create a LimeSurvey administrator with the same name as a AD(active directory) user account.
Log in using the AD credentials(username and password).
Webserver authentication
This plugin leaves authentication to the webserver and reads the result from a configurable server setting. This method has been around for a while, and was configured from config.php. If you used this authentication, you should enable the plugin in the plugins menu and move your configuration from config.php to the plugin's settings. Feel free to contact the team via the bugtracker or irc-channel if it no longer functions the way it did before.