"single sign on"


nabeel
12-04-2007, 09:36 PM
Hey all,


We have a custom sign in service that is a blanket authentication (shibboleth).

I've gotten the help desk to get the id (modified login.class.php) and then the ChSignInPage class to redirect automatically, bypassing the login form and going straight to the authenticateAction() which then goes to the login.classes.php's authenticate() function, which then I modified the query to get the username from the email etc.

It does return the correct workers.

There isn't much change, except the render() function in ChSignInPage directs to the authenticateAction() function, instead of rendering the login form.

All the login info seems correct, it's pulling the right user, except it doesn't seem to log in.

It outputs some of the HTML, and I guess it's trying to redirect to complete the login, but it's outputting the template.
If I just refresh the page, it does the same thing.

It is pulling the proper Worker class info, I didn't do much aside from modifying the query to just pull the username part of the email address, and then divert from the login form straight to the authenticate.

So, where can I go / what can I do?

Thanks

jstanden
12-05-2007, 05:30 AM
Hey there!

It would probably be better to do this in the /cerb4/index.php file (the Devblocks bootloader). You could add something like this:

After:

$session = DevblocksPlatform::getSessionService();
Add:

    // Check if we're not logged in yet
    if(null == ($visit = $session->getVisit())) {
        // See if we can find our worker from our e-mail address (cookie, etc.)
        if(null != ($worker_id = DAO_Worker::lookupAgentEmail("jeff@localhost"))
            && null != ($worker = DAO_Worker::getAgent($worker_id))) {

            // Create a new visit and force a login
            $visit = new CerberusVisit();
            $visit->setWorker($worker);
            $session->setVisit($visit);
        }
    }
Replace the e-mail address in the "lookupAgentEmail" method with your e-mail address from your SSO cookie/etc. You can add whatever other assurances you want so people can't hijack your logins by simply adding an e-mail address to a cookie (something more like LDAP/AD auth).

In the future you could add another login authenticator for this, just like LDAP and Cerb4 auth are set up. But overloading the bootloader here lets you bypass the form entirely, as requested. I'd revert your other changes.

Hope that helps!
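
One way to add the assurance mentioned in the reply above, so that an e-mail address pasted into a cookie is not enough to force a login. This is an added example, not part of the original post and not Cerb4 or Devblocks code. The function names, the `email|expires|mac` token layout and the shared secret are assumptions made for illustration.

```php
<?php
// Hypothetical helpers: the SSO front end issues a token, and the
// bootloader accepts the e-mail only after checking the token's HMAC and expiry.

// Issuer side: bind the e-mail and an expiry time under an HMAC.
function sso_sign(string $email, int $expires, string $secret): string {
    $payload = $email . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, $secret);
}

// Consumer side: return the e-mail only if the token is intact and
// unexpired; return null otherwise so the normal login form is used.
function sso_verified_email(string $token, string $secret, int $now): ?string {
    $parts = explode('|', $token);
    if (count($parts) < 3) {
        return null;                      // bare address or malformed token
    }
    $mac     = array_pop($parts);         // split from the right, so a '|'
    $expires = array_pop($parts);         // inside the address cannot shift fields
    $email   = implode('|', $parts);
    $expected = hash_hmac('sha256', $email . '|' . $expires, $secret);
    if (!hash_equals($expected, $mac)) {  // constant-time comparison
        return null;
    }
    if (!ctype_digit($expires) || (int)$expires < $now) {
        return null;                      // expired or non-numeric expiry
    }
    return filter_var($email, FILTER_VALIDATE_EMAIL) === false ? null : $email;
}

// Constructed sample data, not real credentials.
$secret = 'constructed-demo-secret';      // assumption: a long random key in practice
$now    = 1196900000;
$good   = sso_sign('jeff@example.com', $now + 300, $secret);
$forged = 'admin@example.com' . substr($good, strpos($good, '|')); // address swapped, MAC kept
$stale  = sso_sign('jeff@example.com', $now - 1, $secret);

// Only $good yields an address; the other three inputs yield null.
foreach ([$good, $forged, $stale, 'jeff@example.com'] as $candidate) {
    var_dump(sso_verified_email($candidate, $secret, $now));
}
// In the bootloader, only a non-null result would be passed to
// DAO_Worker::lookupAgentEmail() before creating the visit.
```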

nabeel
12-05-2007, 02:07 PM
Thanks! :)
Seems to work, except one thing:

Fatal error: Undefined class constant 'SETTING_OVERVIEW' in /var/www/html/cerberus/plugins/cerberusweb.core/classes.php on line 524


Trying to track it down, but posting it in case you get to it before I do.

nabeel
12-05-2007, 02:29 PM
Well I changed that to the text value for now. That's a weird error, it should work though.

jstanden
12-05-2007, 09:24 PM
Hey Nabeel!

Strange that it's complaining about the class constant and it isn't saying the DAO_WorkerPref class isn't defined. That sounds like a code sync issue.

Can you make sure you're completely updated from SVN?

You may also want to run a diff just to make sure any changes/omissions are intentional.

nabeel
12-05-2007, 09:31 PM
Yup it's sync'd. I restored the original files before operating. It shouldn't be giving it, since that class is "global" it seems, being used by index.php as well.
I tried declaring it static, but that was a no-go as well.
I'll do a re-update again, and try it. For now, I just replaced the SETTING_OVERVIEW with 'worker_overview'. But since I'm replacing the defined const with the string const it shouldn't be a problem. I hope :p

jstanden
12-05-2007, 09:38 PM
haha! Yeah that hack should work fine until we have a chance to figure it out.

Sometimes different versions of PHP are just bizarrely different. Especially patch-level builds.

nabeel
12-05-2007, 09:40 PM
Yeah, definitely. I'll post tomo, and let you know which PHP version it is.
Right now I'm trying to figure out your cron script so I can have a version to run from the command line :)