trajche / samlauth
SAML Authentication Plugin for Kanboard
License: GNU Lesser General Public License v3.0
Hi,
As of PHP 7, empty arguments are not supported anymore. To still make this great plugin work in PHP 7, could you make the following changes in /User/SamlUserProvider.php on line 39
public function __construct($username = null, $email = null, $name = null, $role = null)
?
That would be great!
Cheers.
I would like to share my experiences getting SamlAuth working with ADFS.
We have a Windows-based test Kanboard installation where I would like to make access via SAML possible.
My environment: Win2022 with IIS and PHP 8.2, Kanboard 1.2.26, SQLite database, LDAP connection to AD and a Win2022 ADFS server.
After downloading the zip file and unpacking it to kanboard\plugins\SamlAuth, it was missing the third-party module php-saml, so I downloaded it manually and copied it to kanboard\plugins\SamlAuth\Thirdparty\php-saml.
And here are my configuration settings:
SP Entity ID:
a unique string; I use the FQDN of the Kanboard server
Single Signon Service
https://FQDN_Kanboard_Server/kanboard/index.php
Single Logout Service
https://FQDN_Kanboard_Server/kanboard/logout (not sure about that)
SP Certificate
public key from the Kanboard Server cert
SP Certificate Private Key
private key from the Kanboard server cert, in RAW format
For the Identity Provider configuration I used the information from https://FQDN_ADFS_Server/FederationMetadata/2007-06/FederationMetadata.xml
IDP Entity ID
http://FQDN_ADFS_Server/adfs/services/trust
Single Signon Service
https://FQDN_ADFS_Server/adfs/ls/
Single Logout Service
https://FQDN_ADFS_Server/adfs/ls/
IDP Certificate
public key from the ADFS Server cert
Identity Provider Attribute Mapping
Full name Attribute
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Username Attribute
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Remove text in username attribute
empty
Email Attribute
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Generate the metadata XML and import it in ADFS.
I configured the claims as follows:
Rule 1:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"), query = ";sAMAccountName,mail,displayName;{0}", param = c.Value);
Rule 2:
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
=> add(store = "Active Directory", types = ("temp_name"), query = ";sAMAccountName;{0}", param = c.Value);
Rule 3:
c:[Type == "temp_name"]
=> issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", Value = RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(RegExReplace(c.Value, "A", "a"), "B", "b"), "C", "c"), "D", "d"), "E", "e"), "F", "f"), "G", "g"), "H", "h"), "I", "i"), "J", "j"), "K", "k"), "L", "l"), "M", "m"), "N", "n"), "O", "o"), "P", "p"), "Q", "q"), "R", "r"), "S", "s"), "T", "t"), "U", "u"), "V", "v"), "W", "w"), "X", "x"), "Y", "y"), "Z", "z"));
Because Kanboard usernames are case sensitive, I have to convert the username sent by ADFS to lowercase to prevent duplicate users (Rules 2 and 3).
Maybe this will help someone to get this Plugin to work ....
Unable to $this->configModel->get() from template...
Is the plugin ready to be listed on the official plugin page? Found it by accident when looking for SAML support and I guess it would be easier if it was listed there.
Dear Trajche Kralev,
as I was both forking your project for some modifications as well as using it as a base for creating an InvoicePlane plugin working mostly the same as your package, I wanted to ask if it would be fine if I publish my InvoicePlane project under MIT instead of LGPLv3. Though the most important part of the package is the php-saml integration, which is also under MIT, I realized that as I used your package as an example it would not be appropriate to just publish under another license.
The package I am speaking about can be found here:
https://github.com/kingstarter/invoiceplane-saml
Please let me know if this would be fine. I've just published everything and realized afterward that it should have been published under LGPLv3 as I used minimal parts of your code. In case it would not be fine I would either change the license or remove your code parts.
Greetings,
Steve
Hi guys, the SAML plugin does not work in Kanboard 1.0.38.
After sending the data with the "Generate Metadata" button, it shows the following message:
Internal Error: Invalid array settings: sp_entityId_not_found, sp_acs_not_found, sp_sls_url_invalid, sp_certs_not_found_and_required, contact_not_enought_data
Hi.
I found an error in SamlAuth.php on line 77. https://github.com/trajche/SamlAuth/blob/master/Auth/SamlAuth.php#L77
samlauth_name_attribute should be samlauth_email_attribute
Thanks.
Per
I tested this against SSOCircle's Public IDP and I received the error "SAML must contain one assertion".
I captured the POST and am attaching it here, both in XML and base64. I'm posting it in base64 also because I got a weird error from Apache when I tried to get it to work, so it's probably an Apache error. The Apache error was:
[Mon Mar 27 15:49:27.262792 2017] [php7:warn] [pid 25326] [client 75.118.161.192:53168] PHP Warning: DOMDocument::loadXML(): Start tag expected, '<' not found in Entity, line: 1 in /srv/kanboard/plugins/SamlAuth/Thirdparty/php-saml/lib/Saml2/Utils.php on line 58
So it's interpreting a < as <, which is not how I want it to load that base64-encoded payload. Any thoughts?
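The "SAML must contain one assertion" error in this issue, the DOMDocument warning quoted above, and the attribute mapping from the ADFS post earlier on this page all come down to what the service provider does with the decoded SAMLResponse. The following is an added example in PHP, not code from the SamlAuth plugin or from php-saml: it decodes a captured SAMLResponse, distinguishes an HTML-entity-encoded payload (which produces exactly the "Start tag expected, '<' not found" warning) from raw XML, parses it without network access or entity expansion, requires exactly one assertion, and maps the three claim URIs from the ADFS post to Kanboard's full name, username and email fields, lowercasing the username. The sample response is constructed, unsigned, and uses placeholder IDs and values; the claim URIs and the ADFS issuer URL are the ones given on this page.

```php
<?php
declare(strict_types=1);

// Added example, not code from the SamlAuth plugin or php-saml. Inspects a captured
// SAMLResponse the way a defender would when debugging the errors quoted on this page.
// Assumptions: claim URIs are the ones from the ADFS attribute mapping above; the sample
// response below is constructed and unsigned. A real response must pass php-saml's
// signature validation before any attribute in it is trusted.

const CLAIM_USERNAME = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name';
const CLAIM_FULLNAME = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname';
const CLAIM_EMAIL    = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress';

/** Decode and parse a SAMLResponse POST value, returning the mapped user fields. */
function inspectSamlResponse(string $base64Payload): array
{
    $xml = base64_decode($base64Payload, true);
    if ($xml === false) {
        throw new RuntimeException('SAMLResponse is not valid base64');
    }
    $xml = ltrim($xml);

    // "Start tag expected, '<' not found" (the Apache warning above) is what libxml
    // reports when the decoded bytes do not begin with '<'. A payload beginning with
    // "&lt;" was HTML-entity-encoded somewhere in transit and is not XML until it is
    // decoded as text first.
    if (substr($xml, 0, 4) === '&lt;') {
        throw new RuntimeException('Payload is HTML-entity-encoded, not raw XML');
    }
    if (substr($xml, 0, 1) !== '<') {
        throw new RuntimeException('Payload does not start with an XML start tag');
    }

    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);
    // LIBXML_NONET: never fetch external resources while parsing untrusted XML.
    // LIBXML_NOENT is deliberately absent so no entity expansion takes place.
    $ok = $doc->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    if (!$ok) {
        throw new RuntimeException('Payload is not well-formed XML');
    }
    if ($doc->doctype !== null) {
        throw new RuntimeException('DOCTYPE in a SAML response is rejected');
    }

    $xp = new DOMXPath($doc);
    $xp->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
    $xp->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');

    // An encrypted response carries saml:EncryptedAssertion instead and must be
    // decrypted with the SP private key before this count can succeed.
    $assertions = $xp->query('/samlp:Response/saml:Assertion');
    if ($assertions->length !== 1) {
        throw new RuntimeException(sprintf('SAML must contain one assertion, found %d', $assertions->length));
    }

    $attrs = [];
    foreach ($xp->query('saml:AttributeStatement/saml:Attribute', $assertions->item(0)) as $attr) {
        foreach ($xp->query('saml:AttributeValue', $attr) as $value) {
            $attrs[$attr->getAttribute('Name')][] = trim($value->textContent);
        }
    }

    $username = $attrs[CLAIM_USERNAME][0] ?? null;
    return [
        // Kanboard usernames are case sensitive, so normalise on the SP side too,
        // whether or not the IdP applies a lowercasing claim rule like Rule 3 above.
        'username' => $username === null ? null : strtolower($username),
        'name'     => $attrs[CLAIM_FULLNAME][0] ?? null,
        'email'    => $attrs[CLAIM_EMAIL][0] ?? null,
    ];
}

// Constructed sample response: no signature, placeholder IDs and values.
$sampleXml = <<<'XML'
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_placeholder_response" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>http://FQDN_ADFS_Server/adfs/services/trust</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_placeholder_assertion" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>http://FQDN_ADFS_Server/adfs/services/trust</saml:Issuer>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>JDoe</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Jane Doe</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>jdoe@example.invalid</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
XML;

print_r(inspectSamlResponse(base64_encode($sampleXml)));
// The same payload after HTML-entity encoding reproduces the "not raw XML" failure mode.
try {
    inspectSamlResponse(base64_encode(htmlspecialchars($sampleXml)));
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Run it with `php inspect.php`: the first call returns `username => jdoe`, `name => Jane Doe`, `email => jdoe@example.invalid`, and the second call reports that the payload is entity-encoded, which is the condition behind the DOMDocument warning in this issue. The function only inspects structure and attributes; it never replaces php-saml's signature, audience and timestamp checks, which are what make the attributes safe to map onto a Kanboard account.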