
glpi-singlesignon's Introduction

Single Sign-On for GLPI


Single sign-on (SSO) is a property of access control of multiple related, yet independent, software systems. With this property, a user logs in with a single ID and password to gain access to any of several related systems.

Installation

  • Uncompress the archive to the <GLPI_ROOT>/plugins/singlesignon directory
  • Navigate to the Configuration > Plugins page
  • Install and activate the plugin.

Usage

  • Go to Configuration > Single Sign-On and add a provider
  • To test, log out and log in using one of the "Login with <name>" links at the bottom of the login page

Available providers

Adding translations

If your preferred language is missing, you can add your own translation with the following steps:

  • Go to the plugin folder
  • Switch to the folder locales
  • Copy one of the already existing .po files
  • Rename it into the correct notation of your language
  • Edit the file: change each msgstr to set the translation, and do not touch the msgid
  • Edit the header, especially the "Language: " field
  • When the file is ready, compile it with: msgfmt -o filename.mo filename.po
  • If msgfmt is not found, install the package gettext (apt install -y gettext)
  • If you edit a previous translation, you may need to update the translation cache: go to Setup - General - Performance, enable Debug mode, clear translation cache


Donation

PayPal

Pix (Brazil)

28571c52-8b9b-416c-a18f-8e5246060881


glpi-singlesignon's Issues

Using the plugin with AD FS

Did anyone manage to get this plugin to work with AD FS?
Here is my current config, when testing the SSO, I get the tokens and everything, but nothing under getResourceOwner: and this error:

Warning:  No data available in /var/www/html/glpi/src/Toolbox.php on line 1514

Also when trying to setup the provider, it just refreshes the page.
Thanks!

Option to specify base url / use of GLPI base url

First, thx a lot for this great plugin. Definitely a must have.
Only problem I had : In my setup, glpi is in a docker, listening on port 80, and we use a reverse proxy to publish a https site.

So I had to patch your getBaseURL() function to make it work. Would be great if in a future release, we could specify this base url or if it could use the glpi one.

Thx again anyway.
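
The reverse-proxy situation described in this issue, as an added example that is not the plugin's getBaseURL() and not code from the project: one way to derive the callback base URL so that a configured value wins, forwarded headers are honoured only from a known proxy, and the host is checked against an allowlist. The function name, configuration keys, addresses and host names are assumptions.

```php
<?php
// Added example, not the plugin's getBaseURL(). All names and values are assumptions.

/**
 * Build the public base URL used for the OAuth callback (redirect_uri).
 * Forwarded headers are honoured only when the TCP peer is a known proxy,
 * and the resulting host must be on an allowlist.
 */
function sso_base_url(array $server, array $cfg): string
{
    // 1. An explicitly configured URL always wins.
    if (!empty($cfg['base_url'])) {
        return rtrim($cfg['base_url'], '/');
    }

    $scheme = (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') ? 'https' : 'http';
    $host   = $server['HTTP_HOST'] ?? '';

    // 2. X-Forwarded-* is client-controlled unless our own proxy set it.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (in_array($peer, $cfg['trusted_proxies'], true)) {
        $proto = strtolower(trim(explode(',', $server['HTTP_X_FORWARDED_PROTO'] ?? '')[0]));
        if ($proto === 'http' || $proto === 'https') {
            $scheme = $proto;
        }
        $fwdHost = trim(explode(',', $server['HTTP_X_FORWARDED_HOST'] ?? '')[0]);
        if ($fwdHost !== '') {
            $host = $fwdHost;
        }
    }

    // 3. Never reflect an arbitrary Host value into a redirect_uri.
    $host = strtolower($host);
    if (!in_array($host, $cfg['allowed_hosts'], true)) {
        throw new RuntimeException('Host not allowed: ' . $host);
    }
    return $scheme . '://' . $host;
}

// Constructed sample configuration and requests.
$cfg = [
    'base_url'        => '',
    'trusted_proxies' => ['172.18.0.2'],
    'allowed_hosts'   => ['glpi.example.org'],
];
$viaProxy = [
    'REMOTE_ADDR' => '172.18.0.2', 'HTTP_HOST' => 'glpi:80',
    'HTTP_X_FORWARDED_PROTO' => 'https', 'HTTP_X_FORWARDED_HOST' => 'glpi.example.org',
];
$direct = [ // same headers, but the peer is not the proxy, so they are ignored
    'REMOTE_ADDR' => '203.0.113.9', 'HTTP_HOST' => 'other.example',
    'HTTP_X_FORWARDED_PROTO' => 'https', 'HTTP_X_FORWARDED_HOST' => 'glpi.example.org',
];

echo sso_base_url($viaProxy, $cfg), "/plugins/singlesignon/front/callback.php\n";
try {
    sso_base_url($direct, $cfg);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The redirect URI registered at the identity provider has to match the URL produced here exactly, including the scheme.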

$authorizedDomains not defined

Hello, I have installed this SSO plugin on my GLPI v10.0.3.
But I am unable to connect with Azure. After configuring everything correctly I get these two:
Warning: Undefined variable $authorizedDomains in /var/www/html/glpi/plugins/singlesignon/inc/provider.class.php on line 1147

Warning: foreach() argument must be of type array|object, null given in /var/www/html/glpi/plugins/singlesignon/inc/provider.class.php on line 1147

Has anyone had a similar issue? Thanks in advance for your help!!

User is not authorized to connect in GLPI

GLPI 9.4.3
Last version glpi-singlesignon

I have created a Facebook provider.
After trying to log in I get the message
"User is not authorized to connect in GLPI"

I tried adding another provider, Office 365, as generic.
And I get the same error.

In GLPI config:
Automatically add users from an external authentication source - Yes

Can I create the user in GLPI before using SSO, or will the user be created automatically?

Azure AD Permission

Good afternoon,
Congratulations on the work and the plugin.

Here it worked up to the Azure part; in GLPI, how do I grant access?

Thanks,

Plugin glpi-singlesignon.

Good afternoon people,
After installing the plugin glpi-singlesignon the following error occurs.

Warning: Array to string conversion in C:\xampp\htdocs\glpi\glpi\plugins\singlesignon\inc\toolbox.class.php on line 17

Version of glpi is 10.0.6

can anybody help me?

Array to string conversion

the single sign on test is ok but error "PHP Notice: Array to string conversion in C:\inetpub\wwwroot\glpi\plugins\singlesignon\inc\toolbox.class.php on line 17" after disconnection. Can you help me

PHP 8.1 compatibility

Hi!

Using the latest git version of SSO and GLPI 10.0.6 on Ubuntu 22.04, Apache2 and PHP 8.1 gives me the following error when I'm on the SSO settings page and have debug mode active in GLPI:

PHP Deprecated function (8192): str_replace(): Passing null to parameter #2 ($replace) of type array|string is deprecated in /var/www/html/plugins/singlesignon/inc/provider.class.php at line 870
PHP Deprecated function (8192): hash_hmac(): Passing null to parameter #2 ($data) of type string is deprecated in /var/www/html/plugins/singlesignon/inc/provider.class.php at line 871

I have an issue with connecting to Azure and O365, but this incompatibility might have something to do with it.
The SSO error I'm getting is:

 [error] => Array
        (
            [code] => InvalidAuthenticationToken
            [message] => Access token validation failure. Invalid audience.
            [innerError] => Array
                (

Error reinstalling after uninstall

Hi,
working through using this with Azure. Wanted to remove due to other issue I'll log and then reinstall the plugin.
I disabled the plugin, then uninstalled. However when I try to re install I get the error:

"error adding picture column Duplicate column name 'picture'"

Any help appreciated.

Provider not defined.

I had no success using Google:
I added the client ID and the password. In Google I entered the callback URL that the plugin gave me.
When testing the callback URL, I get: Provider not defined.

What did I miss?

Regards,

GLPI 10

Will you develop this plugin for GLPI 10?

Plugin doesn't work

Hi Edgard,
I tried your plugin, but nothing works.

I use GLPI 9.5.4. (I tried your plugin versions 1.3.1 and 1.2)

I created a generic provider for my Keycloak.

But when I click on "Login with Keycloak", I'm redirected to a white GLPI connection page; normally it should be the provider's login interface?

On this white page, any attempt does nothing (no log either).

I have no log; no request was sent to my Keycloak.

Thanks for your feedback


Class "User" missing?

Thanks for your great job Edgard

PHP Fatal error: Uncaught Error: Call to undefined method User::getById() in ....

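    public function linkUser($user_id) {
       /** @var User */
       $user = User::getById($user_id); // the call reported as undefined above
       if (!$user) {
          return;
       }
       // ... (the rest of the method was not included in the report)
    }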

Regards Franck

Translation

Hello,
I want to add french translation for this plugin (primarily for the "Login with").
Is there a way I can do this ?

SSO logon doesn't process the rules of GLPI

When we log in with SSO, GLPI does not process the Authorizations assignment rules.

If login using glpi authentication the rules are processed and all groups are assigned to the user.


GLPI User not authorized to connect to glpi

Hi everyone,

I am trying to connect the plugin with Azure.
But in the end I get the error "user not authorized to connect to glpi".

In the plugin I have put the URL of my GLPI:
https://xxxx
But still the same error.

What have I done wrong?

Please help me, I am blocked :)

Can't install plugin

Hi,

When I try to install this plugin, I get this error:
error adding picture column Duplicate column name 'picture'

GLPI version : 9.5.7
Plugin version : 1.3.1

Connexion not possible with WSO2 Identity Server

Hi,

I have been trying for a few days to set up SSO for my GLPI instance, but with no success.

  1. Login with SSO
  2. WSO2 login form is displayed
  3. consent for scope is displayed (I select all and confirm)
  4. Then the GLPI page appears saying that the user is not allowed to connect to GLPI.

Is it possible to activate detailed log to help the debugging in order to see all exchanges between the IDP and the plugin? If yes how and where are the log files (in /_log)
Do I need to set up specific claims in my IDP? If yes, can you advise me which ones?

Thank you for your support.

Best regards.
Pascal

The configuration is shown below:
for GLPI:

for the plugin:

STEP 1

STEP 2

STEP 3

STEP 4
The messages say:
Warning: No data available on site /var/www/html/glpi/src/Toolbox.php on line 1427
User not allowed to connect to GLPI

http_build_query(): Parameter 1 expected to be Array or Object.

There is a problem with the http_build_query

error log in glpi 9.4.5:

*** PHP Warning(2): http_build_query(): Parameter 1 expected to be Array or Object. Incorrect value given
Backtrace :
:
plugins/singlesignon/inc/provider.class.php:924http_build_query()
plugins/singlesignon/hook.php:19PluginSinglesignonProvider::getCallbackUrl()
inc/plugin.class.php:1129plugin_singlesignon_display_login()
index.php:219Plugin::doHook()
{"user":"@ismwebvm1","mem_usage":"0.006", 1.68Mio)"}

The PHP version is 7.3

I tried to enclose the $url param in brackets, http_build_query([$url]), but I think that is not the solution; the error disappears but now I get an Office365 login error:

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '04e83913-8bc6-4f9a-b647-c4f2d03719eb'.

Actually I can log in using the regular login form from GLPI but I'm unable to use the [ Login with O365] link created by the plugin.

PKCE flow

How can I implement the PKCE flow in this plugin?
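
For readers following up on this question, an added example that is not code from the plugin or its author: the values PKCE (RFC 7636) adds to an OAuth 2.0 authorization code flow, with the verifier kept server-side between the authorize redirect and the callback. Function names, array keys other than url_authorize, and the URLs are assumptions.

```php
<?php
// Added example of PKCE (RFC 7636); not code from the plugin.
// Function names, settings and URLs are assumptions.

function b64url(string $bytes): string
{
    return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

/** code_challenge for method S256: BASE64URL(SHA256(code_verifier)). */
function pkce_challenge(string $verifier): string
{
    return b64url(hash('sha256', $verifier, true));
}

/** Step 1: create per-login secrets, keep them server-side, build the authorize URL. */
function pkce_authorize_url(array $p, array &$session): string
{
    $session['pkce_verifier'] = b64url(random_bytes(32)); // 43 chars (allowed: 43..128)
    $session['oauth_state']   = b64url(random_bytes(16));
    return $p['url_authorize'] . '?' . http_build_query([
        'response_type'         => 'code',
        'client_id'             => $p['client_id'],
        'redirect_uri'          => $p['redirect_uri'],
        'scope'                 => $p['scope'],
        'state'                 => $session['oauth_state'],
        'code_challenge'        => pkce_challenge($session['pkce_verifier']),
        'code_challenge_method' => 'S256',
    ], '', '&', PHP_QUERY_RFC3986);
}

/** Step 2 (callback): check state, then build the token request body with the verifier. */
function pkce_token_fields(array $p, array $query, array &$session): array
{
    $state    = $session['oauth_state'] ?? '';
    $verifier = $session['pkce_verifier'] ?? '';
    unset($session['oauth_state'], $session['pkce_verifier']); // single use
    if ($state === '' || !hash_equals($state, (string)($query['state'] ?? ''))) {
        throw new RuntimeException('state mismatch');
    }
    return [
        'grant_type'    => 'authorization_code',
        'code'          => (string)($query['code'] ?? ''),
        'redirect_uri'  => $p['redirect_uri'],
        'client_id'     => $p['client_id'],
        'code_verifier' => $verifier, // the provider recomputes the challenge from this
    ];
}

// Self-check against the test vector in RFC 7636, Appendix B.
if (pkce_challenge('dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWG9EkXk')
    !== 'E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM') {
    throw new LogicException('S256 implementation is wrong');
}

// Constructed provider settings and a simulated round trip.
$provider = [
    'url_authorize' => 'https://idp.example/oauth2/authorize',
    'client_id'     => 'constructed-client-id',
    'redirect_uri'  => 'https://glpi.example.org/plugins/singlesignon/front/callback.php',
    'scope'         => 'openid',
];
$session = [];
$url = pkce_authorize_url($provider, $session);
parse_str(parse_url($url, PHP_URL_QUERY), $sent);
$fields = pkce_token_fields($provider, ['code' => 'constructed-code', 'state' => $sent['state']], $session);
echo $url, "\n";
var_dump(pkce_challenge($fields['code_verifier']) === $sent['code_challenge']);
```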

Error 500 after login

Hi, I'm trying this excellent plugin in a test environment, but I'm getting a 500 error after successfully logging in.
In apache log I can see this:
PHP Fatal error: Uncaught Error: Call to undefined method User::getById() in /var/www/html/glpi-9.4/plugins/singlesignon/inc/provider.class.php:1116\nStack trace:\n#0 /var/www/html/glpi-9.4/plugins/singlesignon/front/callback.php(53): PluginSinglesignonProvider->linkUser('838')\n#1 {main}\n thrown in /var/www/html/glpi-9.4/plugins/singlesignon/inc/provider.class.php on line 1116

Then, if I reload the page, I'm already logged in. I'm attaching the plugin configuration.
Many thanks in advance!

User not authorized to connect in GLPI

Newly installed plugin. Tried before manually adding the user, though "Automatically add user from external authentication" is Yes. Still getting the error even after manually adding the user.

I know my Google settings are correct, what else should I look for?

Should I have anything in Scope?

Undefined index: glpilanguage in gives "User is not authorized to connect in GLPI "

I am running 10.0.3 with latest plugin, and I get those errors

Notice: Undefined index: glpilanguage in /var/www/html/glpi/src/Html.php on line 1228

Notice: Undefined index: in /var/www/html/glpi/src/Html.php on line 1228

Notice: Trying to access array offset on value of type null in /var/www/html/glpi/src/Html.php on line 1228


Azure: Can NOT Login

Issue: Can NOT login using Microsoft Azure

GLPI Version: 10.0.1
Azure App Supported Account types: Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts.
Plugin Version: Current one (v1.3.3) just cloned the main branch.

How to reproduce the issue: The issue was discovered by logging in with a user with login XXXX and email address [email protected]. The output when trying to log in is the following.

Extra Info 1: The "Test Button" on SSO Provider screen works well showing the API return when add the approval call back return URL as /plugins/singlesignon/front/callback.php/provider/2/teste/1

Extra Info 2: I setup Google Login and it works perfectly.

Details:

Notice: Undefined variable: authorizedDomains in /var/www/html/glpi/plugins/singlesignon/inc/provider.class.php on line 1122

Warning: Invalid argument supplied for foreach() in /var/www/html/glpi/plugins/singlesignon/inc/provider.class.php on line 1122


Many thanks in advance for any help and guidance.

OKTA Support

Hello,

First of all, thank you for your contribution and the plugin you created.

I would like to know whether you plan to add support for OKTA SSO in the near future.

Best regards

option to create user directly from authentication

Hi @edgardmessias ,
thanks for your wonderful plugin. I would like to request an option to create the user directly during authentication. At present you need to create a user and then use the single sign-on.

And also use logos for the different sign-on methods like Google, Facebook, GitHub etc.

Thank you.

Error redirect_uri_missmatch

Hi Edgard.
First of all, many thanks for the previous reply in another issue.

Now, I want to know if there is something I'm missing in the configuration. The problem I have is when I point to a direct access to a ticket like this http://glpiprueba.unrn.edu.ar/front/ticket.form.php?id=34 I get the error in the attached screenshot when clicking on the login button.
I already verified the allowed URI redirection in the Google console and everything seems to be ok.

Can you help me please?
Many thanks in advance!
Regards,

How to set up with Azure / O365

Hello,
I've tried to find guidelines about how to set up but I'm still unable to do so.
I've followed this procedure: Azure - https://docs.microsoft.com/azure/app-service/configure-authentication-provider-aad
I couldn't go for option 1 as I don't have the menu to Add identity provider showing up and while going for option 2, I get the error that the provider link isn't correct.
Has anyone configured this already and would be kind enough to guide me through?

Thanks !

Azure providers.json issue

Hi,
I was trying to use this with azure with Azure App as single tenancy authentication. However I get the following azure error when testing:

"is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant."

Looking in your providers.json file I see you have this hard coded:

    "url_authorize": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "url_access_token": "https://login.microsoftonline.com/common/oauth2/v2.0/token",

It seems this needs to be changed to: "https://login.microsoftonline.com/ TENANTNAME or ID"

I'm looking to manually change the /common to my tenant ID to get this working but came across another issue when uninstalling (logged as a separate issue). Is there any option to add this tenant ID in the config interface?

Thanks

Array to string conversion

The single sign on test is ok but error "PHP Notice: Array to string conversion in C:\inetpub\wwwroot\glpi\plugins\singlesignon\inc\toolbox.class.php on line 17" after disconnection. Can you help me.

AADSTS650056: Misconfigured application

AADSTS650056: Misconfigured application. This could be due to one of the following: the client has not listed any permissions for 'AAD Graph' in the requested permissions in the client's application registration. Or, the admin has not consented in the tenant. Or, check the application identifier in the request to ensure it matches the configured client application identifier. Or, check the certificate in the request to ensure it's valid. Please contact your admin to fix the configuration or consent on behalf of the tenant. Client app ID: 2f7f888c-3106-4599-a5fc-dcc39e7acde1.

I have already looked at several links and nothing... can you help me, Edgar?

SAML RESPONSE - LOGS


Missing documentation

Can you elaborate a little more on the steps for the configuration?

Need to add mail servers?

Or some external authentication method?

Any additional plugin?

After trying to make the connection with a user of my domain in G Suite I get "User not authorized to connect to GLPI

Return to log"

after giving permissions to the user.

NGINX - Error 404 - Plugin fails when testing

Hi,

I have configured an Azure application, retrieved the secret, tenant ID and client ID. However when I test the plugin via the "Test Single Sign-on" button I get a 404 error from NGINX on the callback URL. Moreover, when I activate the plugin, the login page does not show the connection options. GLPI version is 9.5.6, singlesignon is 1.3.1 and I have fusion Inventory and GLPI Modification activated.

Thanks

Code is not licenced

Hi Edgard,

I've recently started exploring GLPI in our organization. This repository seems like a good starting point to enable SSO on top of GLPI. I'd like to fork and contribute back, but the lack of licence prohibits me.

Is there a possibility to licence the code, or explicitly allow me or my company to modify the code in this repository?

User is not authorized to connect in GLPI

I have setup the plugin version 1.3.3 with glpi 9.5.6

I have the same issue : user not authorized after oauth2 session login

Plugin config :
SSO Type : Generic
Client ID : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Client Secret : xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Scope : openid
Authorize URL : https://identity.dev.com/oauth2/authorize
Access Token URL : https://identity.dev.com/oauth2/token
Resource Owner Details URL : https://identity.dev.com/oauth2/userinfo

What claims are needed to configure the OAuth2 service provider?

Problems accessing GLPI.

Edgar,
First of all, congratulations on the excellent work done on this plugin, but I would like your help on one point: when logging in via Google, it does not allow access to GLPI with the user authenticated via singlesignon. My question is: during user creation, which profile is associated with the login?

Error screen:

Thanks for the support.

Warning: plugin_version_glpi-modifications method must be defined!

After upgrading from 10.0.0.5 to 10.0.0.6 I get the following error/warning when I try to log in with SSO

Warning: plugin_version_glpi-modifications method must be defined! in .../src/Plugin.php on line 1654
Warning: Cannot modify header information - headers already sent by (output started at .../src/Plugin.php:1654) in .../plugins/singlesignon/inc/provider.class.php on line 919

and the process died.
