Barebones CMS

Third-party integration
#1
Hello,

I managed to install SSO server easily thanks to the good tutorials and documentation, thank you.

I think that I am not the only one wanting to integrate with an already existing web application, but here is where the good documentation stops!

I come from the self-hosting world and need some help with integrating with, say, TT-rss, Bookstack, Kanboard. All already have integration with some SSO/OAuth/LDAP services but they all seem to me too heavy to install compared to how easy it was to install SSO server.

Is there a way to have some help?
I already tried to understand how to make a plugin as indicated in the documentation but I am not a developer.

Sharing tutorials/plugins for some open-source web applications would be awesome.

Thank you.
#2
I live in the self-hosted universe too. :)

Sorry for the delayed reply. I've added an OAuth2 shim to the SSO server. You'll need to update your install to the latest from GitHub to take advantage of the feature. It's effectively a whole new endpoint that presents a public-facing OAuth2-compatible interface:

https://github.com/cubiclesoft/sso-serve...oftware.md

I've tested it with various OAuth2 provider integrations and it works well enough for generic user access. Both Bookstack and Kanboard have OAuth2 options, so you are pretty much set there (Bookstack will require modifying the Google OAuth2 code very slightly as described in the documentation above):

https://www.bookstackapp.com/docs/admin/...th/#google
https://github.com/kanboard/plugin-oauth2

TT-rss does not have any OAuth2 sign in providers as far as I can tell. I see a couple of plugins that could form the basis of an integration with SSO server either via SSO client or a generic OAuth2 plugin:

https://github.com/hydrian/TTRSS-Auth-LDAP

That plugin uses the existing TT-rss username/password system to perform authentication against LDAP. Some people have written custom endpoints for the SSO server that directly talk to just the Generic Login provider. I don't generally approve of that approach because it bypasses a lot of important SSO flow steps. If you only use the Generic Login provider, then it can work, but it feels pretty hacky (and increases the risk of a security vulnerability if you don't know what you are doing).

https://github.com/tsmgeek/ttrss-auth-saml

That plugin implements SAML and appears to completely override the TT-rss login system when the user clicks the SSO button. The approach is similar to how a SSO client would be integrated (i.e. complete override and do your own thing). SAML is on my possible list of additions to SSO server, but the last time I looked, SAML 2.0 was overly complex and "SimpleSAMLphp" wasn't exactly "simple". A generic OAuth2 plugin in the style of the SAML plugin could also be another implementation option and might actually be a better fit for TT-rss since it is a relatively small, consumer-facing product not needing an advanced permissions system. Plus, if there was a generic OAuth2 sign in plugin for TT-rss, it would allow TT-rss to integrate with a broad range of OAuth2-enabled solutions. I think you should reach out to the author of TT-rss and see if they would put together a generic but official OAuth2 integration for their product or maybe someone on the TT-rss forums could write one. If they do that, then you are good to go via the SSO server OAuth2 shim.
Author of Barebones CMS

If you found my reply to be helpful, be sure to donate!
All funding goes toward future product development.
#3
Thank you for the update and explanation.
My turn to be long in replying, sorry, but I am a bit short on spare time.

I chose to reinstall everything and, just to mention, I had to add quotes in admin_hook.php on lines 4 and 6.
I quickly tried to set it up for Bookstack and Kanboard but have not yet succeeded (short on time again).
In Bookstack, some more code needs to be modified as it redirects to the Google page.

I'll come back later with my progress (not so soon but I'll try to do that quickly!).
#4
"I chose to reinstall everything and, just to mention, I had to add quotes in admin_hook.php on lines 4 and 6."

Can you clarify what you mean by this?
#5
Sorry, actually, I was wanting to go fast and didn't follow the correct install process.
So, irrelevant post.

I am on the Kanboard plugin now and I am running into "Session ID expected".
I'll post the correct setup when I succeed.
#6
"Session ID expected" usually means you are visiting the frontend of the SSO server (the 'index.php' file of the server, not the client) without first establishing a valid SSO server session via the client. Or, in this case, you are probably using the OAuth2 index.php.