SSO implementation for vTiger - linagora/vtiger-api-js-client GitHub Wiki
SSO implementation
Params in config.inc.php
To enable SSO, add $SSO = true; and set $SSO_url to the auth portal URL, so that vTiger does not block redirection from the external server.
Added code:
First, enhance includes/main/WebUI.php to check whether SSO is enabled and, if so, set $_SESSION['authenticated_user_id'] to the id of the user provided in your header (Auth-User in the code below):
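if (!$user) {
    global $SSO;
    if ($SSO) {
        require_once('include/database/PearDatabase.php');
        $db = PearDatabase::getInstance();
        // The SSO portal passes the authenticated login in the Auth-User header.
        // vTiger trusts this value as-is, so the portal must be the only way to
        // reach this code and must overwrite any client-supplied Auth-User header.
        $username = null;
        foreach (getallheaders() as $key => $value) {
            // HTTP header names are case-insensitive
            if (strcasecmp($key, 'Auth-User') === 0) {
                $username = $value;
            }
        }
        if ($username !== null) {
            // Bind the header value as a parameter instead of concatenating it into the SQL
            $query = 'select id from vtiger_users where user_name = ?';
            $params = array($username);
            $result = $db->pquery($query, $params, true, "Error getting user_id");
            // Only set the session id when the user actually exists
            if ($db->num_rows($result) > 0) {
                $_SESSION['authenticated_user_id'] = $db->query_result($result, 0, 'id');
            }
        }
    }
    $userid = Vtiger_Session::get('AUTHUSERID', $_SESSION['authenticated_user_id']);
    [...]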
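The WebUI.php change above logs in whoever the Auth-User header names, so the header should only be honoured on connections that come from the SSO portal. The following is an added example, not part of the original wiki or of vTiger: sso_username() and $trustedProxies are hypothetical names, and the addresses and headers are constructed sample data.

```php
<?php
// Added example, not vTiger code. $trustedProxies is a hypothetical setting
// listing the address(es) of the SSO portal / reverse proxy.

/**
 * Return the login asserted by the SSO portal, or null when the request
 * must fall back to vTiger's normal (unauthenticated) handling.
 */
function sso_username(array $headers, string $remoteAddr, array $trustedProxies): ?string
{
    // A client that reaches vTiger directly can send any Auth-User value,
    // so only honour the header on connections coming from the portal.
    if (!in_array($remoteAddr, $trustedProxies, true)) {
        return null;
    }
    $values = [];
    foreach ($headers as $name => $value) {
        if (strcasecmp($name, 'Auth-User') === 0) { // header names are case-insensitive
            $values[] = trim((string) $value);
        }
    }
    // Require exactly one non-empty value; anything else is ambiguous.
    if (count($values) !== 1 || $values[0] === '') {
        return null;
    }
    return $values[0];
}

// Constructed sample requests: [headers, REMOTE_ADDR].
$trustedProxies = ['10.0.0.5'];
$cases = [
    'via portal'      => [['Auth-User' => 'jdoe'], '10.0.0.5'],
    'lower-case name' => [['auth-user' => 'jdoe'], '10.0.0.5'],
    'direct client'   => [['Auth-User' => 'jdoe'], '203.0.113.7'],
    'header missing'  => [['Host' => 'crm.example.test'], '10.0.0.5'],
    'empty value'     => [['Auth-User' => '  '], '10.0.0.5'],
];
foreach ($cases as $label => [$headers, $addr]) {
    $user = sso_username($headers, $addr, $trustedProxies);
    printf("%-16s %s\n", $label, $user === null ? 'rejected' : "accepted as $user");
}
```

In WebUI.php the call would be sso_username(getallheaders(), $_SERVER['REMOTE_ADDR'], $trustedProxies), with a non-null result passed to the user_name lookup.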
Then, to enable logout from the SSO portal, open modules/Vtiger/views/Header.php and set 'linkurl' (in the $userPersonalSettingsLinks array and preceded by 'LBL_SIGN_OUT') to a custom URL such as 'ssologout', and give that URL to your network admin.
Finally, in includes/http/Request.php make the following change to ensure redirection after login in the portal:
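if (isset($_SERVER['HTTP_REFERER']) && $user) { // Check for user post authentication.
    global $site_URL, $SSO, $SSO_url;
    $referer = $_SERVER['HTTP_REFERER'];
    $fromSite = (stripos($referer, $site_URL) === 0);
    // Accept the SSO portal as referer only when SSO is enabled and $SSO_url is set.
    // With an unset $SSO_url the needle would be empty, and on PHP 8 stripos()
    // returns 0 for an empty needle, which would let any referer through.
    $fromSSO = false;
    if ($SSO && !empty($SSO_url)) {
        $fromSSO = (stripos($referer, explode('?', $SSO_url)[0]) === 0);
    }
    if (!$fromSite && !$fromSSO && ($this->get('module') != 'Install')) {
        throw new Exception('Illegal request');
    }
}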