johncoolio

Posts posted by johncoolio

  1. I see a few people have requested this and I want to do this as well.  I see one possible code injection point:  The OA_Start() function in 'www/admin/config.php' has this line of code:

        if (!OA_Auth::isLoggedIn() || OA_Auth::suppliedCredentials()) {

    Right after that line, I plan to inject an include to my own PHP file somewhere on the system.  That file will initiate a redirect to our own login interface.  Since I don't care about what level a user operates at, I'm just going to copy the existing 'sessiondata' blob from the 'rv_sessions' database table for full admin rights.

    Upon successful SSO sign in, I'll set the "sessionID" cookie to the same value that I also insert into the 'rv_sessions' table (with the aforementioned data) prior to redirecting back to the admin interface.

    This way, I only need to modify one line of code whenever I go to upgrade the system and login is transparently tied to our own systems.

    Support for SSO systems from Revive would be a simple matter of doing a check at a location for a PHP file that normally doesn't exist.  However, if it exists, execute that file and exit.  If it doesn't exist, then just do the built-in login system thing.  It would be up to the integrator to generate the correct information for the database and set a valid browser cookie.  They'd also be mostly on their own as far as the login and permissions systems go.  I'm fine with that.
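The session-row and cookie step described in the post, as an added example that is not part of the original post or of Revive's code. The column names (`sessionid`, `sessiondata`, `lastused`), the cookie path, and all `sso_*` helper names are assumptions, and an in-memory SQLite table with constructed data stands in for the real database.

```php
<?php
// Added example, not Revive code. Assumes the SSO layer has already
// authenticated the user before any of these helpers are called.

/** Read the 'sessiondata' blob of an existing session to use as the template. */
function sso_template_blob(PDO $db, string $templateSessionId): string
{
    $stmt = $db->prepare('SELECT sessiondata FROM rv_sessions WHERE sessionid = ?');
    $stmt->execute([$templateSessionId]);
    $blob = $stmt->fetchColumn();
    if ($blob === false) {
        throw new RuntimeException('template session not found');
    }
    return $blob;
}

/** Insert a new session row carrying the template blob; return the new session ID. */
function sso_create_session(PDO $db, string $templateBlob): string
{
    // 128 bits from the CSPRNG, hex-encoded: a fresh, unguessable ID per login
    // rather than a fixed or reused one.
    $sessionId = bin2hex(random_bytes(16));
    $stmt = $db->prepare(
        'INSERT INTO rv_sessions (sessionid, sessiondata, lastused) VALUES (?, ?, ?)'
    );
    $stmt->execute([$sessionId, $templateBlob, gmdate('Y-m-d H:i:s')]);
    return $sessionId;
}

/** Set the "sessionID" cookie, limited to HTTPS and hidden from page scripts. */
function sso_send_cookie(string $sessionId): void
{
    setcookie('sessionID', $sessionId, [
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed demo data (assumed schema), so the sketch runs from the PHP CLI.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE rv_sessions (sessionid TEXT PRIMARY KEY, sessiondata TEXT, lastused TEXT)');
$db->exec("INSERT INTO rv_sessions VALUES ('template-row', 'CONSTRUCTED-BLOB', '2024-01-01 00:00:00')");

$newId = sso_create_session($db, sso_template_blob($db, 'template-row'));
sso_send_cookie($newId); // must run before any output is sent
$rows = $db->query('SELECT COUNT(*) FROM rv_sessions')->fetchColumn();
fwrite(STDERR, "created session $newId, table now holds $rows rows\n");
```

Every SSO user receives whatever rights the template blob carries, so the SSO front end is the only access control in this design and the template row should be chosen with that in mind.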
