diff --git a/application/loginwebpage.class.inc.php b/application/loginwebpage.class.inc.php
index 349bb6d83..90c6aa592 100644
--- a/application/loginwebpage.class.inc.php
+++ b/application/loginwebpage.class.inc.php
@@ -88,7 +88,7 @@ EOF
 {
 switch($sLoginType)
 {
- case 'popup':
+ case 'basic':
 case 'url':
 $this->add_header('WWW-Authenticate: Basic realm="'.Dict::Format('UI:iTopVersion:Short', ITOP_VERSION));
 $this->add_header('HTTP/1.0 401 Unauthorized');
@@ -96,7 +96,7 @@ EOF
 $this->add('

'.Dict::S('UI:Login:Error:AccessRestricted').'

');
 break;
- case 'remote':
+ case 'external':
 case 'form':
 default: // In case the settings get messed up...
 $sAuthUser = utils::ReadParam('auth_user', '');
@@ -248,29 +248,33 @@ EOF
 }
 break;
- case 'popup':
+ case 'basic':
 // Standard PHP authentication method, works with Apache...
 // Case 1) Apache running in CGI mode + rewrite rules in .htaccess
 if (isset($_SERVER['HTTP_AUTHORIZATION']) && !empty($_SERVER['HTTP_AUTHORIZATION']))
 {
 list($sAuthUser, $sAuthPwd) = explode(':' , base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
- $sLoginMode = 'popup';
+ $sLoginMode = 'basic';
 }
 else if (isset($_SERVER['PHP_AUTH_USER']))
 {
 $sAuthUser = $_SERVER['PHP_AUTH_USER'];
 $sAuthPwd = $_SERVER['PHP_AUTH_PW'];
- $sLoginMode = 'popup';
+ $sLoginMode = 'basic';
 }
 break;
- case 'remote':
+ case 'external':
 // Web server supplied authentication
- if (isset($_SERVER['REMOTE_USER']))
- {
- $sAuthUser = $_SERVER['REMOTE_USER'];
+ $bExternalAuth = false;
+ $sExtAuthVar = utils::GetConfig()->GetExternalAuthenticationVariable(); // In which variable is the info passed ?
+ $sEval = '$bExternalAuth = isset('.$sExtAuthVar.');';
+ eval($sEval);
+ if ($bExternalAuth)
+ {
+ eval('$sAuthUser = '.$sExtAuthVar.';'); // Retrieve the value
 $sAuthPwd = ''; // No password in this case the web server already authentified the user...
- $sLoginMode = 'remote';
+ $sLoginMode = 'external';
 $sAuthentication = 'external';
 }
 break;
diff --git a/application/utils.inc.php b/application/utils.inc.php
index fd8ca1504..e375572f4 100644
--- a/application/utils.inc.php
+++ b/application/utils.inc.php
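Review bot: The new `case 'external':` branch in the -248 hunk concatenates the configured `ext_auth_variable` string into two `eval()` calls, so the setting is executed as PHP on every login attempt instead of being read as a name. Whoever can change that value (the config file, or `SetExternalAuthenticationVariable()` in core/config.class.inc.php, whose load hunk only applies `trim()`) controls code run by the login page, and a malformed value becomes a parse error at login time. I would treat the setting as a lookup key: accept only the `$_SERVER['NAME']` form and read that entry directly, as in the excerpt below; any other superglobal that must be supported should be allowed by name in the same way. Since the user is accepted with an empty password, the comment on this branch should also state that the chosen entry must be set by the web server itself and must not be one a client can supply, such as a request-header-derived entry that the front end does not strip. The enclosing switch starts outside the hunk.

```php
case 'external':
// Web server supplied authentication
$sExtAuthVar = utils::GetConfig()->GetExternalAuthenticationVariable();
// The setting is matched against a fixed shape and used as a key; it is never executed
if (preg_match('/^\$_SERVER\[\'([A-Za-z0-9_]+)\'\]$/D', $sExtAuthVar, $aMatches) && isset($_SERVER[$aMatches[1]]))
{
	$sAuthUser = $_SERVER[$aMatches[1]];
	// … unchanged: $sAuthPwd, $sLoginMode and $sAuthentication assignments …
}
```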
@@ -236,7 +236,7 @@ class utils
 * Tells whether or not log off operation is supported.
 * Actually in only one case:
 * 1) iTop is using an internal authentication
- * 2) the user did not log-in using the "popup" mode (i.e basic authentication) or by passing credentials in the URL
+ * 2) the user did not log-in using the "basic" mode (i.e basic authentication) or by passing credentials in the URL
 * @return boolean True if logoff is supported, false otherwise
 */
 static function CanLogOff()
diff --git a/core/config.class.inc.php b/core/config.class.inc.php
index 7bcb184e8..efc867428 100644
--- a/core/config.class.inc.php
+++ b/core/config.class.inc.php
@@ -43,7 +43,8 @@ define ('DEFAULT_MAX_DISPLAY_LIMIT', 15);
 define ('DEFAULT_STANDARD_RELOAD_INTERVAL', 5*60);
 define ('DEFAULT_FAST_RELOAD_INTERVAL', 1*60);
 define ('DEFAULT_SECURE_CONNECTION_REQUIRED', false);
-define ('DEFAULT_ALLOWED_LOGIN_TYPES', 'form|popup|remote|url');
+define ('DEFAULT_ALLOWED_LOGIN_TYPES', 'form|basic|external');
+define ('DEFAULT_EXT_AUTH_VARIABLE', '$_SERVER[\'REMOTE_USER\']');
 /**
 * Config
@@ -106,9 +107,14 @@ class Config
 protected $m_sDefaultLanguage;
 /**
- * @var string Type of login process allowed: form|popup|url|remote
+ * @var string Type of login process allowed: form|basic|url|external
 */
 protected $m_sAllowedLoginTypes;
+
+ /**
+ * @var string Name of the PHP variable in which external authentication information is passed by the web server
+ */
+ protected $m_sExtAuthVariable;
 public function __construct($sConfigFile, $bLoadConfig = true)
 {
@@ -156,6 +162,7 @@ class Config
 $this->m_bSecureConnectionRequired = DEFAULT_SECURE_CONNECTION_REQUIRED;
 $this->m_sDefaultLanguage = 'EN US';
 $this->m_sAllowedLoginTypes = DEFAULT_ALLOWED_LOGIN_TYPES;
+ $this->m_sExtAuthVariable = DEFAULT_EXT_AUTH_VARIABLE;
 $this->m_aModuleSettings = array();
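Review bot: Renaming the login types in `DEFAULT_ALLOWED_LOGIN_TYPES` (the -43 hunk) leaves installed configuration files that still list `popup` or `remote` without a matching `case` in application/loginwebpage.class.inc.php, where both labels are replaced in this same commit. In the first switch there an unknown type falls through to `default:` (the form), but no `default:` is visible in the -248 hunk, so those modes may silently stop matching after an upgrade. I would either map the legacy names to `basic`/`external` where `allowed_login_types` is loaded, or state the rename in the upgrade notes. The default also drops `url` while the `@var` comment in the -106 hunk still lists it; a short comment such as `// 'url' is still supported but no longer enabled by default` next to the define would remove the ambiguity.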
@@ -255,6 +262,7 @@ class Config
 $this->m_sDefaultLanguage = isset($MySettings['default_language']) ? trim($MySettings['default_language']) : 'EN US';
 $this->m_sAllowedLoginTypes = isset($MySettings['allowed_login_types']) ? trim($MySettings['allowed_login_types']) : DEFAULT_ALLOWED_LOGIN_TYPES;
+ $this->m_sExtAuthVariable = isset($MySettings['ext_auth_variable']) ? trim($MySettings['ext_auth_variable']) : DEFAULT_EXT_AUTH_VARIABLE;
 }
 protected function Verify()
@@ -408,6 +416,11 @@ class Config
 return explode('|', $this->m_sAllowedLoginTypes);
 }
+ public function GetExternalAuthenticationVariable()
+ {
+ return $this->m_sExtAuthVariable;
+ }
+
 public function SetDBHost($sDBHost)
 {
 $this->m_sDBHost = $sDBHost;
@@ -488,6 +501,11 @@ class Config
 $this->m_sAllowedLoginTypes = implode('|', $aAllowedLoginTypes);
 }
+ public function SetExternalAuthenticationVariable($sExtAuthVariable)
+ {
+ $this->m_sExtAuthVariable = $sExtAuthVariable;
+ }
+
 public function FileIsWritable()
 {
 return is_writable($this->m_sFile);
diff --git a/dictionaries/fr.dictionary.itop.ui.php b/dictionaries/fr.dictionary.itop.ui.php
index 5e652a05f..dec3b9e16 100644
--- a/dictionaries/fr.dictionary.itop.ui.php
+++ b/dictionaries/fr.dictionary.itop.ui.php
@@ -83,7 +83,7 @@ Dict::Add('FR FR', 'French', 'Français', array(
 // Class: User
 //
-Dict::Add('EN US', 'French', 'Français', array(
+Dict::Add('FR FR', 'French', 'Français', array(
 'Class:User' => 'Utilisateur',
 'Class:User+' => 'Compte utilisateur',
 'Class:User/Attribute:finalclass' => 'Type de compte',
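Review bot: The new accessors `GetExternalAuthenticationVariable()` (-408 hunk) and `SetExternalAuthenticationVariable()` (-488 hunk) carry no docblock, so the expected form of the value is only implied by `DEFAULT_EXT_AUTH_VARIABLE`. I would add `/** @param string $sExtAuthVariable Where the web server passes the authenticated user, e.g. $_SERVER['REMOTE_USER'] */` on the setter and a matching `@return string` on the getter. None of the visible hunks adds `ext_auth_variable` to code that writes the configuration back to disk; if such a writer exists outside these hunks, a value set through the setter would presumably be lost on save, which is worth confirming.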