
EXT: Horde Single Sign On

Author:Kasper Skårhøj
Created:2002-11-01T00:32:00
Changed:2005-08-19T01:12:03
Author:Norman Seibert
Email:seibert@entios.de

EXT: Horde Single Sign On

Extension Key: eu_sso_horde

Copyright 2000-2002, Norman Seibert, <seibert@entios.de>

http://www.entios.de

This document is published under the Open Content License

available from http://www.opencontent.org/opl.shtml

The content of this document is related to TYPO3 - a GNU/GPL CMS/Framework available from www.typo3.com

Table of Contents

EXT: OWA Single Sign On

Introduction

What does it do?

Users manual

Administration

Prerequisites

How Single Sign On works

Known problems

Security considerations

Introduction

What does it do?

This extension enables single sign on (SSO) between TYPO3 and the Horde framework. It is particularly useful if you authenticate your users against LDAP in TYPO3 (using the eu_ldap extension) and via IMAP in Horde.

Users manual

Copy the file 'grabber/eu_sso.php' to your Horde server in an accessible location. This means the file must be reachable via a URL without any authentication (anonymously).

Edit the file 'grabber/horde_key.php' by changing the variable definition to a random value, then copy it to both your Horde server and your TYPO3 server. This file contains the key used to encrypt the messages exchanged between the two servers. Your web server's default account must have write access to this location, but it must not be possible to access this file via your web server.

Configure 'eu_sso.php':

Change the file used for temporary data. Just change the path at the beginning of the file according to your needs:

    define('SERVERVARS_FILE',' d:/cache.php ');

The account your web server runs as must have write access to this location, but it must not be possible to access this file via your web server, because user credentials are cached in this file (only for some fractions of a second, but ...).

Define the path to your key file:

    define('KEY_FILE',' d:/horde_key.php ');

Apply step 4.2 to the extension file 'pi1/class.tx_eussohorde_pi1.php'.

Create a new page in the backend which will forward the user to the Horde frontend.

Insert the Horde SSO plugin on the page.

Configure the template of the page:

    plugin.tx_eussohorde_pi1 {
      # Host name of the Horde server
      host = http://horde.mydomain.com
      # relative path to eu_sso.php on Horde server
      wg_path = sso
    }

Administration

Prerequisites

Your PHP installation must support Curl (with SSL) and Mcrypt! Just google a little bit for OS-specific installation instructions.

If you do not use eu_ldap for LDAP integration you must synchronize your users' Windows and TYPO3 passwords and store the passwords in the TYPO3 user table in clear text!

How Single Sign On works

When the page containing the Horde plugin is loaded, TYPO3 calls 'eu_sso.php' on the Horde server in the background and transfers the parameters needed for calling OWA together with the user's credentials. The plugin then redirects the user's browser directly to 'eu_sso.php', passing along the key the password is encrypted with. 'eu_sso.php' then calls the login form, creates a session with Horde and forwards the user to the result page.

All data transferred between the TYPO3 and the Horde server is encrypted!
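The exchange described above, as an added illustration that is not the extension's own code (the extension uses Mcrypt; this uses PHP's openssl functions instead): the TYPO3 side seals the credentials with the shared key, the Horde side unseals them from the temporary cache file exactly once and deletes the entry. The cache path, time-to-live, and the $key variable are assumptions for the demo.

```php
<?php
// Added example, not part of eu_sso_horde. Shared-key sealing of the credentials
// with authenticated encryption (AES-256-CBC + HMAC-SHA256) instead of Mcrypt.

function sso_seal(string $plaintext, string $key): string {
    $iv  = random_bytes(16);
    $ct  = openssl_encrypt($plaintext, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    $mac = hash_hmac('sha256', $iv . $ct, $key, true); // authenticate, not only encrypt
    return base64_encode($iv . $ct . $mac);
}

function sso_unseal(string $blob, string $key): ?string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) < 16 + 32) return null;
    $iv  = substr($raw, 0, 16);
    $mac = substr($raw, -32);
    $ct  = substr($raw, 16, -32);
    // constant-time MAC check before touching the ciphertext
    if (!hash_equals(hash_hmac('sha256', $iv . $ct, $key, true), $mac)) return null;
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? null : $pt;
}

// Horde side: the cache file (assumed path, outside the web root) holds the sealed
// blob plus a timestamp; it is read once, deleted, and rejected when too old, so a
// stale file never keeps credentials around longer than the redirect window.
define('SERVERVARS_FILE', '/var/lib/sso/cache.dat'); // placeholder path
define('SSO_TTL_SECONDS', 5);                        // assumed window

function sso_cache_put(string $sealed): void {
    file_put_contents(SERVERVARS_FILE, time() . "\n" . $sealed, LOCK_EX);
}

function sso_cache_take(): ?string {
    if (!is_file(SERVERVARS_FILE)) return null;
    $data = file_get_contents(SERVERVARS_FILE);
    unlink(SERVERVARS_FILE); // single use
    [$ts, $sealed] = explode("\n", $data, 2) + [null, null];
    if ($sealed === null || time() - (int)$ts > SSO_TTL_SECONDS) return null;
    return $sealed;
}

// Demo with a constructed key (in practice loaded from the key file) and credentials.
$key = hash('sha256', 'constructed-shared-secret', true); // 32 bytes for AES-256
sso_cache_put(sso_seal(json_encode(['user' => 'alice', 'pass' => 'example']), $key));
$creds = sso_unseal(sso_cache_take() ?? '', $key);
echo $creds === null ? "rejected\n" : "credentials recovered\n";
```

A single shared cache file, as the manual configures it, serializes logins; one file or entry per login token avoids two users' credentials colliding.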


Known problems

Security considerations

Storing passwords in the TYPO3 database in cleartext is a security risk; if you use LDAP authentication, that risk goes away!

Additionally, the passwords are cached on the Horde server for the time between the background call to 'eu_sso.php' and the frontend redirection.
