Integrate simplesamlphp for LDAP provisioning.

Bug #1209978 reported by Richard Gomes
This bug affects 1 person
Affects: JQuantLib
Status: New
Importance: Medium
Assigned to: Unassigned
Milestone: (none)

Bug Description

ConfirmAccount, which is a Mediawiki we'd like to install in order to combat spam, does not work properly with AuthLDAP, which is needed for provisioning onto LDAP.

So, the idea is to remove AuthLDAP and move account provisioning to OpenIDP, implemented by SimpleSAMLphp.

I've installed and configured a pair IdP + SP, which are still disabled in Apache configuration. When this configuration becomes approved, we could remove AuthLDAP from our wiki. All other webapps, like Mantis and phpBB3, remain unchanged, because they are only LDAP clients.

Once we reach this situation, we will have potentially eradicated spam because all webapps: Mediawiki, Mantis and phpBB3 have good enough measures intended to combat spam.

So, why can we not go ahead and finish this task right now?
Because reCaptcha is not properly integrated with simpleSAMLphp yet.

======================
Additional Information
======================
If a new version of SimpleSAMLphp needs to be installed, remember to:

1. verify all files *.OLD in all subfolders of /var/www/idp.jquantlib.com and /var/www/sp.jquantlib.com. These are the original files. There are new files substituting them (without .OLD extension). These new files need to be copied to the new installation, if it is the case.

2. copy files in folders /var/www/idp.jquantlib.com/simplesamlphp/config and /var/www/sp.jquantlib.com/simplesamlphp/config

3. remember to disable plugins not needed.

4. Possibly we only need the IdP. If this is the case, we can immediately turn on SSL, with a self registered certificate (already created).

5. If we need a SP for some reason, it's not trivial to have 2 different domains in the same server. Possibly it can be done by merging configurations done for the IdP and SP into a single webapp, which can be configured to work with SSL. This would possibly solve the problem of multiple SSL instances in the same IP, which is not supported.
See: http://simplesamlphp.org/docs/1.5/simplesamlphp-idp#section_8

Once the pair IdP + SP becomes ready, working with reCaptcha, it's necessary to change links in Mediawiki, Mantis and phpBB3 in order to point to several utility pages:

Login (IdP first)
http://idp.jquantlib.com/simplesaml/saml2/idp/SSOService.php?spentityid=sp.jquantlib.com&RelayState=http://www.jquantlib.org/index.php

Login (SP flow)
http://sp.jquantlib.com/simplesaml/module.php/core/authenticate.php?as=jquantlib-sp

Register
http://idp.jquantlib.com/simplesaml/module.php/selfregister/newUser.php

Reset Password
http://idp.jquantlib.com/simplesaml/module.php/selfregister/lostPassword.php

Account Manager
http://idp.jquantlib.com/simplesaml/module.php/selfregister/

Tags: sysadmin
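
For steps 1 and 2 of the upgrade checklist in the description, one way to check the *.OLD files against a freshly unpacked release before copying anything. This is an added example, not part of the original report. The function name, the COPY/MERGE/GONE/MISSING labels and the new-install path are assumptions, and it assumes the new tree uses the same relative layout as the old one.

```shell
#!/bin/sh
# plan_carry_over OLD_ROOT NEW_ROOT   (hypothetical helper, not from the report)
#
# Each "<file>.OLD" under OLD_ROOT is the pristine upstream copy kept beside a
# locally modified "<file>". For each one, print "<action> <relative path>":
#   COPY    new release ships the same pristine file; the local file can be copied
#   MERGE   new release changed the file upstream; re-apply local edits by hand,
#           because a blind copy would discard upstream fixes
#   GONE    new release no longer ships the file; check whether it is still needed
#   MISSING the .OLD file has no modified sibling; nothing to carry over
# File names containing newlines are not supported.
plan_carry_over() {
    old_root=${1%/}
    new_root=${2%/}
    find "$old_root" -type f -name '*.OLD' | sort | while IFS= read -r pristine; do
        modified=${pristine%.OLD}          # locally modified replacement
        rel=${modified#"$old_root"/}       # path relative to the install root
        if [ ! -f "$modified" ]; then
            echo "MISSING $rel"
        elif [ ! -f "$new_root/$rel" ]; then
            echo "GONE $rel"
        elif cmp -s "$pristine" "$new_root/$rel"; then
            echo "COPY $rel"
        else
            echo "MERGE $rel"
        fi
    done
}

# Usage (second argument is a placeholder for wherever the new release is unpacked):
#   sh carry_over.sh /var/www/idp.jquantlib.com /path/to/new/install
if [ "$#" -eq 2 ]; then
    plan_carry_over "$1" "$2"
fi
```

Files reported as MERGE are the ones where copying the old modified file over the new release would silently revert upstream changes.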