Author Topic: Modify Mibew to use SAML  (Read 12339 times)

mscherst

  • Full Member
  • ***
  • Posts: 6
Modify Mibew to use SAML
« on: December 05, 2018, 10:19:45 PM »
Mibew looks great and will fill a huge need for us to provide chat service without a $30+ license per operator per month.  However, we would want to integrate it into our system using SAML authentication.

We're currently using auth0 as our identity provider.  Ideally a change would allow for more general SAML authentication, but auth0 specific would work for our needs.  I'm a bit rusty on my php, but the documentation for using auth0 in a php application is at https://auth0.com/docs/quickstart/webapp/php/01-login.

Can anyone with knowledge of Mibew code take a look at that and point me in the right direction to start implementing this?  I'm sure I could hack it together, but a guess on at least which files need to be edited would be very helpful.

faf

  • Mibew Staff Member
  • Native
  • *****
  • Posts: 950
    • Mibew Messenger
Re: Modify Mibew to use SAML
« Reply #1 on: December 06, 2018, 12:52:39 PM »
There are not so many active developers here these days.  :-\

As for your idea, I'd suggest you take a look at plugins (there are a lot of them to observe and research the code). You could write your own one utilizing the \Mibew\EventDispatcher\Events::OPERATOR_AUTHENTICATE event.

mscherst

  • Full Member
  • ***
  • Posts: 6
Re: Modify Mibew to use SAML
« Reply #2 on: September 23, 2019, 05:17:31 PM »
Thanks for the response.  I know this was a while ago, but I appreciate the help.

I've already completed one of my plugins, so I have some familiarity with how it works.  That one just used a Plugin.php file to attach an event listener to some of the group events.

For this, I've set up a Plugin.php file with an event listener on the OPERATOR_AUTHENTICATE event.  In that function, one of the parameters I need to pass into the authentication service is a redirect URL, which I think will just be /home (but the particular route doesn't matter).

I know that if I was using a Controller/Controller.php file that extends AbstractController, I could use $this->generateUrl().  Since I have no other need for routing, and I don't require a routing.yml file, I'm not exactly sure how to move forward.

I wonder if maybe I should do something like (still in Plugin.php):

Code: [Select]
use Mibew\Controller\AbstractController;

class Plugin extends \Mibew\Plugin\AbstractPlugin implements \Mibew\Plugin\PluginInterface
{
    $router = AbstractController::getRouter();
   
    ....
    public function myAuthListener()
    {
        $url = $router->generateUrl('home');
    }
}

Thanks

mscherst

  • Full Member
  • ***
  • Posts: 6
Re: Modify Mibew to use SAML
« Reply #3 on: September 23, 2019, 08:52:07 PM »
Actually, since I really just need the hosturl and not the specific route, I think I can do this:

use Mibew\Controller\AbstractController;

Code: [Select]
use Mibew\Settings;

class Plugin extends \Mibew\Plugin\AbstractPlugin implements \Mibew\Plugin\PluginInterface
{
    protected $hosturl = Settings::get('hosturl');
    ...
}

faf

  • Mibew Staff Member
  • Native
  • *****
  • Posts: 950
    • Mibew Messenger
Re: Modify Mibew to use SAML
« Reply #4 on: September 24, 2019, 07:37:37 PM »
Well, usually the 'hosturl' setting holds the URL of a site, not the basic URL of Mibew itself. So your second option is simple, but if you need a specific URL for some page in the administrative interface you'd better use the router object. But in that case don't forget that the plugin should also implement \Mibew\Plugin\PluginInterface anyway.

mscherst

  • Full Member
  • ***
  • Posts: 6
Re: Modify Mibew to use SAML
« Reply #5 on: September 26, 2019, 12:57:30 PM »
I'm hitting a block here, and it's the same basic issue for two things I need to accomplish.

First, as I stated above, I need to generate a url inside of the plugin, using something like:

Code: [Select]
$this->getRouter()->generateUrl('home');

Second, after my third-party authentication service has returned a successful response, I need to do something similar to what's happening in Mibew\Controller\LoginController:

Code: [Select]
$this->getAuthenticationManager()->loginOperator($operator, $remember);

While I have some experience with scripting in php, I'm new to app development, and Symfony in particular.  That last line of code responds with an error:

Quote
PHP Fatal error:  Uncaught Error: Call to a member function loginOperator() on null

I see in index.php, an application object is created after first creating a router:

Code: [Select]
$application = new Application($router, new AuthenticationManager());

Is there a way, from inside a plugin (either Plugin.php or inside a controller) to access this Application object?  A brief example would be very helpful.

faf

  • Mibew Staff Member
  • Native
  • *****
  • Posts: 950
    • Mibew Messenger
Re: Modify Mibew to use SAML
« Reply #6 on: September 27, 2019, 09:48:43 PM »
To begin with, I'd implement third-party authentication that way:

In run():

Code: [Select]
$dispatcher = EventDispatcher::getInstance();
$dispatcher->attachListener(Events::OPERATOR_AUTHENTICATE, $this, 'checkAuth');

And your checkAuth method should look something like this:

Code: [Select]
public function checkAuth(&$args)
{
    $request = $args['request'];

    // Credentials submitted through the login form
    $login = $request->request->get('login');
    $password = $request->request->get('password');
    $operator = operator_by_login($login);

    // Handle only unknown logins and operators marked for remote authentication
    if ((!$operator || ($operator['vcpassword'] === 'auth_by_remote_service')) && $login && $password) {

        // dummy part
        // do something and get auth result
        // ...
        $result = true;
        // ...
        // end of dummy part

        if (!$result) {
            return;
        }

        if (!$operator) {
            // Unknown login: create a local operator record and mark it as remote
            $operator = create_operator($login, '', '', '', '', '', '');
            $operator = operator_by_login($login);
            $operator['vcpassword'] = 'auth_by_remote_service';
            update_operator($operator);
        } else {
            update_operator($operator);
        }

        // Hand the authenticated operator back through the event arguments
        $args['operator'] = $operator;
    }
}

Of course it's just a quick'n'dirty concept to illustrate the basic idea.

And if you need a URI related to Mibew, why don't you make use of the very same request object? $request->getUri() will do the job. You'll be able to redirect an operator to the very same page he originally requested.
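
The gate from checkAuth above, isolated so that a failed or unreachable remote check denies the login and no operator record is created before verification succeeds. This is an added example, not code from the thread or from Mibew: `resolveRemoteOperator`, `REMOTE_MARKER`, the `$verify` callable and the in-memory `$store` (standing in for `operator_by_login` / `create_operator`) are hypothetical, and the sample operators are constructed.

```php
<?php
const REMOTE_MARKER = 'auth_by_remote_service';

/**
 * Returns the operator to log in, or null to leave the decision to the
 * normal local password check.
 */
function resolveRemoteOperator(array &$store, callable $verify, $login, $password)
{
    if (!is_string($login) || $login === '' || !is_string($password) || $password === '') {
        return null; // nothing to verify
    }
    $operator = $store[$login] ?? null;
    // Operators that have a local password never reach the remote service.
    if ($operator !== null && $operator['vcpassword'] !== REMOTE_MARKER) {
        return null;
    }
    try {
        $ok = $verify($login, $password);
    } catch (\Throwable $e) {
        $ok = false; // timeout, network error, malformed response: deny
    }
    if ($ok !== true) {
        return null; // only a strict boolean true counts as success
    }
    if ($operator === null) {
        // Provision the record only after the remote check has succeeded.
        $operator = ['vclogin' => $login, 'vcpassword' => REMOTE_MARKER];
        $store[$login] = $operator;
    }
    return $operator;
}

// Constructed sample data: one remote-marked operator, one local operator.
$store = [
    'alice' => ['vclogin' => 'alice', 'vcpassword' => REMOTE_MARKER],
    'bob'   => ['vclogin' => 'bob', 'vcpassword' => '$2y$10$constructed-local-hash'],
];
$accept = function ($l, $p) { return $p === 'correct-remote-secret'; };
$broken = function ($l, $p) { throw new \RuntimeException('IdP unreachable'); };

var_dump(resolveRemoteOperator($store, $accept, 'alice', 'correct-remote-secret')); // remote-marked operator
var_dump(resolveRemoteOperator($store, $accept, 'bob', 'correct-remote-secret'));   // local operator, remote path skipped
var_dump(resolveRemoteOperator($store, $broken, 'carol', 'anything'));              // identity provider failure
var_dump(isset($store['carol']));                                                   // whether carol was provisioned
```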