os2web/os2web_simplesaml

Enhances integration with simplesamlphp_auth module, by force triggering SimpleSAML auth page redirect when certain criteria are met

Installs: 6 904

Dependents: 3

Suggesters: 0

Security: 0

Stars: 0

Watchers: 12

Forks: 0

Open Issues: 1

Type:drupal-module

8.x-dev 2023-10-03 11:26 UTC

This package is auto-updated.

Last update: 2024-11-17 11:44:37 UTC


README

Module purpose

The aim of this module is to enhance integration with simplesamlphp_auth module, by force triggering SimpleSAML auth page redirect when certain criteria are met.

How does it work

Module performs checks on a single redirect triggering page. In order for it to work the cache for anonymous user for that page response is programmatically killed.

The redirect check cannot be done on all pages. Reason for that is the performance. The redirect only works properly when page response cache is killed (otherwise response is cached for all anonymous users), so in order for it to work on all pages anonymous page response caches must be killed (which is the same as disabling page cache entirely).

As a compromise between the functionality and performance it has been decided to use a single page to trigger redirect check.

If the request passes all the criteria (meaning user is anonymous and the IP is within whitelist), request is redirected to SimpleSAML auth page.

To improve the performance, the redirect decision is stored in cookies to a limited time.

Additionally module provides a special field for user entity, called SimpleSAML UID that allows to create a SimpleSAML mapping with the existing Drupal users.

Additional setings

Local authentication

Path: /admin/config/people/simplesamlphp_auth/local

  • IP's whitelist Comma separate values of IP or IP ranges that will be redirected to SimpleSAML auth page.
  • Redirect triggering page A certain page that triggers the redirect to SimpleSAML auth page if the criteria pass (defaults: front page "/").
  • Cookies TTL Stores the redirect response in the cookies for a certain period of time (defaults: 5min).

User info and syncing

Path: /admin/config/people/simplesamlphp_auth/sync

  • OS2Web user fields mapping Allows to create mapping between SimpleSAML claims and user profile fields. Upon login user fields will be populated using specified SimpleSAML claims.

    Each field mapping also supports param Force sync on every login. Having it OFF will only populate the field from claim if the field is empty, having this param ON will make field to be populated each time user has logged in.

Install

Module is available to download via composer.

composer require os2web/os2web_simplesaml
drush en os2web_simplesaml

Update

Updating process for OS2Web SimpleSAML module is similar to usual Drupal 8 module. Use Composer's built-in command for listing packages that have updates available:

composer outdated os2web/os2web_simplesaml

Automated testing and code quality

See OS2Web testing and CI information

Contribution

Project is opened for new features and os course bugfixes. If you have any suggestion or you found a bug in project, you are very welcome to create an issue in github repository issue tracker. For issue description there is expected that you will provide clear and sufficient information about your feature request or bug report.

Code review policy

See OS2Web code review policy

Git name convention

See OS2Web git name convention