Socle Technique / How to connect a SSO

Declare a SSO login method

Open the following XML config file: apps/maarch_entreprise/xml/login_method.xml

Comment out all existing login methods and add this one:

    <METHOD>
        <ID>sso</ID>
        <NAME>_SSO_LOGIN</NAME>
        <SCRIPT>sso_connect.php</SCRIPT>
        <ENABLED>true</ENABLED>
    </METHOD>

When you are done, the XML config file should look like this:

<?xml version="1.0" encoding="utf-8"?>
<ROOT>
    <!--<METHOD>
        <ID>activex</ID>
        <NAME>_ACTIVEX_LOGIN</NAME>
        <SCRIPT>auto_connect_activex.php</SCRIPT>
        <ENABLED>false</ENABLED>
    </METHOD>
    <METHOD>
        <ID>standard</ID>
        <NAME>_STANDARD_LOGIN</NAME>
        <SCRIPT>standard_connect.php</SCRIPT>
        <ENABLED>true</ENABLED>
    </METHOD>-->
    <METHOD>
        <ID>sso</ID>
        <NAME>_SSO_LOGIN</NAME>
        <SCRIPT>sso_connect.php</SCRIPT>
        <ENABLED>true</ENABLED>
    </METHOD>
</ROOT>

Setup the SSO connection

Open the following XML config file: apps/maarch_entreprise/xml/mapping_sso.xml

This config file allows you to map HTTP headers from the SSO to the Maarch connection protocol.

Here is the content of this file:

<?xml version="1.0" encoding="utf-8"?>
<ROOT>
	<WEB_SSO_URL>http://192.168.21.26/websso/</WEB_SSO_URL> <!-- SSO URL -->
	<USER_ID>nigend</USER_ID> <!-- user_id in maarch -->
	<USER_NAME> <!-- lastname, firstname in maarch -->
		<FULL_NAME>uid</FULL_NAME>
		<SEP_TOKEN>.</SEP_TOKEN>
	</USER_NAME>
	<EMAIL>codeunite</EMAIL> <!-- email of maarch user -->
	<GROUPS> <!-- user maarch groups -->
		<GROUP_ID>qualification</GROUP_ID>
		<SEP_TOKEN>,</SEP_TOKEN>
	</GROUPS>
	<ENTITIES> <!-- user maarch entities -->
		<ENTITY_ID>departement_uid</ENTITY_ID>
		<SEP_TOKEN>,</SEP_TOKEN>
	</ENTITIES>
</ROOT>

For example, with this mapping each header must be named like this:

  • HTTP_NIGEND
  • HTTP_UID
  • HTTP_CODEUNITE
  • HTTP_QUALIFICATION
  • HTTP_DEPARTEMENT_UID

Retrieve SSO HEADERS and connect to Maarch

These headers are read in apps/maarch_entreprise/sso_connect.php (getHeaders function) from the PHP variable $_SERVER, for example:

  • $_SERVER['HTTP_NIGEND']
  • $_SERVER['HTTP_UID']
  • ...

This PHP file logs the SSO user in using the information in the headers.

If the user does not exist in Maarch, this script creates it on the fly.

If the requested user already exists, this script updates some information such as lastname, firstname, groups and entities.
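The mapping described above, as an added example (this is not Maarch's sso_connect.php or its getHeaders function): it resolves each mapping_sso.xml entry to its $_SERVER key, splits multi-valued headers on SEP_TOKEN, and refuses to build a user when the USER_ID header is empty. The function names and the sample header values are assumptions made for this illustration.

```php
<?php
// Header-name entries as in the page's mapping_sso.xml (WEB_SSO_URL left out).
$mappingXml = <<<XML
<ROOT>
  <USER_ID>nigend</USER_ID>
  <USER_NAME><FULL_NAME>uid</FULL_NAME><SEP_TOKEN>.</SEP_TOKEN></USER_NAME>
  <EMAIL>codeunite</EMAIL>
  <GROUPS><GROUP_ID>qualification</GROUP_ID><SEP_TOKEN>,</SEP_TOKEN></GROUPS>
  <ENTITIES><ENTITY_ID>departement_uid</ENTITY_ID><SEP_TOKEN>,</SEP_TOKEN></ENTITIES>
</ROOT>
XML;
// Constructed sample of the $_SERVER entries for one request; all values are made up.
$server = [
    'HTTP_NIGEND'          => '123456',
    'HTTP_UID'             => 'durand.marie',
    'HTTP_CODEUNITE'       => 'marie.durand@example.org',
    'HTTP_QUALIFICATION'   => 'AGENT, COURRIER',
    'HTTP_DEPARTEMENT_UID' => 'DSI',
];
// Mapping value -> $_SERVER key: PHP exposes request headers upper-cased, "-" as "_", prefixed HTTP_.
function serverKey(string $name): string
{
    return 'HTTP_' . strtoupper(str_replace('-', '_', trim($name)));
}

// Read one mapped header; when a separator is given, return the non-empty trimmed parts.
function readField(array $server, string $name, string $sep = '')
{
    $raw = trim($server[serverKey($name)] ?? '');
    $parts = $sep === '' ? [] : array_map('trim', explode($sep, $raw));
    return $sep === '' ? $raw : array_values(array_filter($parts, fn($p) => $p !== ''));
}

// Build the user record from the mapping; fail closed when the user id header is absent or empty.
function resolveSsoUser(SimpleXMLElement $m, array $server): array
{
    $user = [
        'user_id'    => readField($server, (string) $m->USER_ID),
        'name_parts' => readField($server, (string) $m->USER_NAME->FULL_NAME, (string) $m->USER_NAME->SEP_TOKEN),
        'email'      => readField($server, (string) $m->EMAIL),
        'groups'     => readField($server, (string) $m->GROUPS->GROUP_ID, (string) $m->GROUPS->SEP_TOKEN),
        'entities'   => readField($server, (string) $m->ENTITIES->ENTITY_ID, (string) $m->ENTITIES->SEP_TOKEN),
    ];
    if ($user['user_id'] === '') {
        throw new RuntimeException('Missing SSO header ' . serverKey((string) $m->USER_ID));
    }
    return $user;
}
print_r(resolveSsoUser(simplexml_load_string($mappingXml), $server));
```

Running it with `php` on the command line prints the resolved record; replacing `$server` with `$_SERVER` behind the SSO shows which mapped headers actually reach PHP.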