Configuration
On this page
Extension configuration (ext_conf_template)
Main settings are configured in TYPO3 extension configuration for
dv_sso_auth.
|
Setting |
Type |
Default |
Description |
|---|---|---|---|
|
|
bool |
|
Enables SSO authentication integration for TYPO3 backend login. |
|
|
bool |
|
Enables SSO authentication integration for TYPO3 frontend login. |
|
|
bool |
|
Automatically creates/updates FE users from IdP attributes when they do not exist or have changed. |
|
|
bool |
|
Automatically creates/updates BE users from IdP attributes. |
|
|
string |
|
Required affiliation for BE auto-import. If empty, all affiliations are accepted. |
|
|
bool |
|
Forces FE auth service execution even if no FE session exists. |
|
|
bool |
|
Forces BE auth service execution even if no BE session exists. |
|
|
bool |
|
Forces generated login targets to |
|
|
bool |
|
Disallows backend login without SSO context. See Hooks / extension points. |
|
|
int (0-100) |
|
TYPO3 auth service priority. |
|
|
int |
|
Storage PID for FE users and FE groups created by auto-import. |
|
|
string |
|
SSO login endpoint path used for frontend and backend login links. |
|
|
string |
|
SSO logout endpoint path used for frontend logout redirect. |
|
|
string |
|
Server variable containing the authenticated username. |
|
|
string |
|
Server variable containing the user email address. |
|
|
string |
|
Server variable containing display name / real name. |
|
|
string |
|
Server variable containing affiliation values for group mapping. |
|
|
string |
|
Fluid template path for the TYPO3 backend login provider. |
TypoScript
The extension ships with TypoScript constants and setup for plugin view paths:
plugin.tx_dvssoauth {
view {
templateRootPath = EXT:dv_sso_auth/Resources/Private/Templates/
partialRootPath = EXT:dv_sso_auth/Resources/Private/Partials/
layoutRootPath = EXT:dv_sso_auth/Resources/Private/Layouts/
}
}If needed, override these paths in your site package.
Frontend plugin and FlexForm
The plugin is registered as dvssoauth_login.
Available FlexForm settings:
settings.redirectPage: page used after successful login if no explicitredirect_urlwas passed.settings.logoutRedirectPage: currently defined in FlexForm but not used in controller logic.
Server variable resolution
Server variables are resolved with fallback handling:
- direct key lookup (example:
REMOTE_USER) - prefixed lookup with
REDIRECT_(example:REDIRECT_REMOTE_USER) - scan all scalar
$_SERVERkeys and strip theREDIRECT_prefix
This makes setups behind Apache rewrite/proxy layers more robust.
Affiliation parsing
Affiliations are parsed from the configured server variable
(eduPersonAffiliation):
- split by
; - trim whitespace
- strip domain suffixes after
@(member@example.orgbecomesmember) - deduplicate values
For FE users, if no affiliation is available, the fallback group title
member is used.
Hooks / extension points
The auth service exposes extension points through
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['dv_sso_auth']:
getFEUserGroups: post-process FE group UID listgetBEUserGroups: post-process BE group UID listonlySsoFunc: custom behavior whenonlySsoBEdenies non-SSO login
Example registration:
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['dv_sso_auth']['getFEUserGroups'][]
= \Vendor\Site\Auth\FrontendGroupProcessor::class;
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['dv_sso_auth']['getBEUserGroups'][]
= \Vendor\Site\Auth\BackendGroupProcessor::class;
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['dv_sso_auth']['onlySsoFunc'][]
= \Vendor\Site\Auth\OnlySsoProcessor::class;Expected processor methods:
public function getFEUserGroups(array $groupUids): array {}
public function getBEUserGroups(array $groupUids): array {}
public function onlySsoFunc(?string $remoteUser): void {}