SSO implementation for vTiger - linagora/vtiger-api-js-client GitHub Wiki

SSO implementation

Params in config.inc.php

To enable SSO, add $SSO = true; and set $SSO_url to the auth portal URL, so that vTiger does not block the redirection coming from the external server.

Added code:

First, enhance includes/main/WebUI.php so that, when SSO is enabled, $_SESSION['authenticated_user_id'] is set to the id of the user named in the Auth-User request header:

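if (!$user) {
  global $SSO;
  if ($SSO) {
    require_once('include/database/PearDatabase.php');
    $db = PearDatabase::getInstance();
    // The Auth-User header is trusted as-is, so vTiger must only be reachable
    // through the auth portal, which has to overwrite any client-supplied value.
    $username = null;
    foreach (getallheaders() as $key => $value) {
      // HTTP header names are case-insensitive.
      if (strcasecmp($key, 'Auth-User') === 0) {
        $username = $value;
      }
    }
    if ($username !== null && $username !== '') {
      // Bind the header value as a parameter instead of concatenating it into the SQL.
      $query = 'select id from vtiger_users where user_name = ?';
      $result = $db->pquery($query, array($username), true, "Error getting user_id");
      if ($db->num_rows($result) > 0) {
        $_SESSION['authenticated_user_id'] = $result->fields['id'];
      }
    }
  }
  $userid = Vtiger_Session::get('AUTHUSERID', $_SESSION['authenticated_user_id']);
[...]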

Then, to enable disconnection from the SSO portal, open modules/Vtiger/views/Header.php and set 'linkurl' (in the $userPersonalSettingsLinks array, the one preceded by 'LBL_SIGN_OUT') to a custom URL such as 'ssologout', and give that URL to your network admin.

Finally, in includes/http/Request.php, make the following change to ensure redirection works after login in the portal:

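if (isset($_SERVER['HTTP_REFERER']) && $user) {//Check for user post authentication.
  global $site_URL;
  global $SSO;
  global $SSO_url;
  $referer = $_SERVER['HTTP_REFERER'];
  // Only accept the portal as a referer when SSO is enabled and $SSO_url is set;
  // an empty prefix must never be compared against the referer.
  $ssoBase = ($SSO && !empty($SSO_url)) ? explode('?', $SSO_url)[0] : '';
  $fromSite = (stripos($referer, $site_URL) === 0);
  $fromSso = ($ssoBase !== '' && stripos($referer, $ssoBase) === 0);
  if (!$fromSite && !$fromSso && ($this->get('module') != 'Install')) {
    throw new Exception('Illegal request');
  }
}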
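
The Request.php check above matches the referer by string prefix, so a $site_URL or $SSO_url written without a trailing slash also matches longer hostnames that merely begin with it. As an added example (not vTiger code and not part of this wiki's patch), the same check can compare parsed origins instead; sso_origin() and sso_referer_allowed() are hypothetical helper names, the URLs are constructed samples, and only scheme, host and port are compared, not the path:

```php
<?php
// Added example: not part of vTiger or of this wiki's patch.
// sso_origin() and sso_referer_allowed() are hypothetical helper names.

// Reduce a URL to scheme://host:port, or return null if it is not an absolute http(s) URL.
function sso_origin($url) {
    $parts = parse_url((string) $url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }
    $port = isset($parts['port']) ? (int) $parts['port'] : ($scheme === 'https' ? 443 : 80);
    return $scheme . '://' . strtolower($parts['host']) . ':' . $port;
}

// True when the referer's origin equals the origin of one of the allowed URLs.
function sso_referer_allowed($referer, array $allowedUrls) {
    $origin = sso_origin($referer);
    if ($origin === null) {
        return false;
    }
    foreach ($allowedUrls as $allowed) {
        $allowedOrigin = sso_origin($allowed);
        if ($allowedOrigin !== null && $allowedOrigin === $origin) {
            return true;
        }
    }
    return false;
}

// Constructed sample values standing in for $site_URL and $SSO_url.
$allowed = array('https://crm.example.test/', 'https://auth.example.test/login?service=crm');
$samples = array(
    'https://crm.example.test/index.php?module=Home',
    'https://auth.example.test/login',
    'https://crm.example.test.other.example/index.php',
    'not a url',
);
foreach ($samples as $referer) {
    echo $referer, ' => ', sso_referer_allowed($referer, $allowed) ? 'accepted' : 'rejected', PHP_EOL;
}
```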