Use external authentication in EE
Development and Programming
I’m a little confused about how to authenticate against an external auth mechanism in EE. I’ve written an extension that uses the login_authenticate_start hook, and uses PEAR Auth to authenticate against an IMAP server. The authentication seems to go fine (I can trace through it with the Zend Debugger and Studio and see it work), but I just get popped back to the login screen instead of continuing to the CP – no error messages that would indicate another problem.
Basically, in my extension I duped the Login::authenticate method and the Login::login_form method (in cp.login.php) and altered the section in authenticate where the password comparison actually happens. Everything else is intact, so it checks for user bans and authorization for CP access and the like.
I suspect that there’s more that my extension has to take over, but I’m not sure what, exactly. Do I need to dupe the entirety of the Login class in my extension? If I’m doing that, is it possible to just extend the Login class similar to how we can extend core classes in CI? It seems like that would be simpler, allowing me to just redefine and edit the methods that actually handle authentication.
Any tips, even short ones, would be appreciated. I’ve attached the current extension in a ZIP archive.
I’ve moved this into the extension development forum for you, since it seems to be the most appropriate place. Good luck!
Actually, I think I’ve sorted out a method for accomplishing this. Basically, if the external authentication succeeds, I’m updating the internal EE user DB with a hash of a unique token generated by uniqid(). This lets EE do everything per normal, but doesn’t require that the “real” password be stored in any form within EE.
I’d be happy to share the source code if folks are interested.
(Edit: updated to include token creation info)
Sure, it would be interesting to see, cerias.
And thank you.
These forums have a lot of good things in them, resources for when you want to try something.
I think this authentication extension would be very good to have on record how to accomplish.
Kind regards, Clive
I have a similar question.
Could you please take a look at http://ellislab.com/forums/viewthread/57974/?
Thanks,
If you have the finalized source, I would love to see it. I’m trying to authenticate against an external source and am running into issues with every method that I’ve tried. Thanks!
I am about to start creating an external auth module - however if you have already done it - I’d love to have a look at the code
I could certainly make use of authenication through IMAP if you have something working. I would love to give it a try!