Difference between revisions of "Freeside:4:Documentation:Developer:Authentication Plugins"
(→Example) |
(→Creation) |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
= Purpose = | = Purpose = | ||
− | Authentication plugins are useful for integration with external authentication (and, optionally, authorization) systems. | + | Authentication plugins are useful for integration with external authentication (and, optionally, authorization) systems, to integrate backoffice logins with your company-wide directory or single-sign-on. |
= Creation = | = Creation = | ||
Line 7: | Line 7: | ||
To create an authentication plugin, add a module in FS/FS/Auth/ such as FS/FS/Auth/my_external_auth.pm | To create an authentication plugin, add a module in FS/FS/Auth/ such as FS/FS/Auth/my_external_auth.pm | ||
− | Inherit from FS::Auth::external. One method needs to be provided, " | + | Inherit from FS::Auth::external. One method needs to be provided, "authenticate". See the template below for an example. |
= Activation = | = Activation = |
Latest revision as of 11:58, 13 May 2013
Contents
Purpose
Authentication plugins are useful for integration with external authentication (and, optionally, authorization) systems, to integrate backoffice logins with your company-wide directory or single-sign-on.
Creation
To create an authentication plugin, add a module in FS/FS/Auth/ such as FS/FS/Auth/my_external_auth.pm
Inherit from FS::Auth::external. One method needs to be provided, "authenticate". See the template below for an example.
Activation
Set the authentication_module configuration setting to the name of your plugin (for now: either manually in the database, or by adding it to the options for authentication_module in FS/FS/Conf.pm).
Optionally, set the external_auth-access_group-template_user configuration setting to the username of a template user. Access groups will be copied from the template user. (A different template user can also be supplied by your plugin, overriding this default.)
Template
Here is a template for authentication plugins:
package FS::Auth::my_external_auth; use base qw( FS::Auth::external ); #need to inherit from ::external use strict; sub authenticate { my($self, $username, $check_password, $info ) = @_; #your magic happens here if ( $auth_good ) { #optionally return a real name #$info->{'first'} = "Jean"; #$info->{'last'} = "D'eau"; #optionally return a template username to copy access groups from that user #$info->{'template_user'} = 'username'; return 1; } else { return 0; } } 1;
Example
Here is an example plugin which authenticates anyone with a username starting with "joe":
package FS::Auth::onlyjoe; use base qw( FS::Auth::external ); #need to inherit from ::external use strict; sub authenticate { my($self, $username, $check_password, $info ) = @_; if ( $username =~ /^joe(.*)$/ ) { $info->{'first'} = 'Joe'; $info->{'last'} = $1; $info->{'template_user'} = 'ivan'; return 1; } else { return 0; } } 1;