Shibboleth and other auth modules: Difference between revisions
No edit summary |
No edit summary |
||
| (5 intermediate revisions by one other user not shown) | |||
| Line 1: | Line 1: | ||
== | == Shibboleth/REMOTE_USER Authentication == | ||
This feature integrates external authentication (e.g., Shibboleth) with VoIPmonitor GUI using the REMOTE_USER server variable. | |||
== | === Prerequisites === | ||
* Installed and functional Shibboleth module in Apache2 (or similar software). Installation is beyond this document's scope. | |||
* Any auth module that sends username via REMOTE_USER (e.g., mod_auth_openidc or mod_auth_mellon). | |||
* Web server handles all authentication; GUI receives only the result. Access to GUI redirects for auth if needed. | |||
== | === How It Works === | ||
When enabled, GUI checks REMOTE_USER (from Shibboleth SP) and uses it as login name. | |||
== | === Configuration === | ||
* | * Enable in '''GUI > Settings > System Configuration > Use Shibboleth/REMOTE_USER for auth'''. | ||
* | * GUI users still required for privileges. | ||
* | * Set one user as default for Shibboleth via '''GUI > Users & Audit > Users > Selected User > Default Shibboleth/REMOTE_USER account''' checkbox. | ||
== | === Usage === | ||
* | * After auth, Shibboleth/REMOTE_USER button appears in GUI login dialog. | ||
* | * Clicking uses REMOTE_USER as GUI user for privileges. | ||
* If user not found, default Shibboleth user is used (if set). | |||
* Login completes. | |||
== | === Logout === | ||
* | * Logout URL constructed from Shib-Handler header + '/Logout', or HTTP_HOST + '/Shibboleth.sso/Logout'. | ||
* Set custom URL in '''GUI > Settings > System Configuration > Logout URL for Shibboleth/REMOTE_USER'''. | |||
== | === Disable Login Window === | ||
* | * Disable completely in '''GUI > Settings > System Configuration > Disable login window completely'''. | ||
== | === User's Language Setting === | ||
* | * With login window disabled, set per-user language in '''GUI > Users & Audit > Users > Selected User'''. | ||
* | |||
* Note: | === Usage with Custom Login Script === | ||
* Compatible; REMOTE_USER passed to script. | |||
* Script must return structure as in [[WEB_API#Custom_Login]]. | |||
* Note: Internal GUI users take precedence over custom login users. | |||
=== AI Summary for RAG === | |||
'''Summary:''' This article covers integrating Shibboleth or REMOTE_USER authentication with VoIPmonitor GUI, including prerequisites, configuration, usage, logout, disabling login window, language settings, and custom script compatibility. | |||
'''Keywords:''' Shibboleth, REMOTE_USER, authentication, GUI settings, privileges, logout URL, custom login script, default account | |||
'''Key Questions:''' | |||
* What are prerequisites for Shibboleth/REMOTE_USER auth? | |||
* How does REMOTE_USER authentication work in VoIPmonitor? | |||
* How to configure Shibboleth auth in GUI? | |||
* What happens during Shibboleth login usage? | |||
* How is logout handled for Shibboleth? | |||
* Can the login window be disabled? | |||
* How to set user language without login window? | |||
* Is it compatible with custom login scripts? | |||
Latest revision as of 14:23, 10 November 2025
Shibboleth/REMOTE_USER Authentication
This feature integrates external authentication (e.g., Shibboleth) with VoIPmonitor GUI using the REMOTE_USER server variable.
Prerequisites
- Installed and functional Shibboleth module in Apache2 (or similar software). Installation is beyond this document's scope.
- Any auth module that sends username via REMOTE_USER (e.g., mod_auth_openidc or mod_auth_mellon).
- Web server handles all authentication; GUI receives only the result. Access to GUI redirects for auth if needed.
How It Works
When enabled, GUI checks REMOTE_USER (from Shibboleth SP) and uses it as login name.
Configuration
- Enable in GUI > Settings > System Configuration > Use Shibboleth/REMOTE_USER for auth.
- GUI users still required for privileges.
- Set one user as default for Shibboleth via GUI > Users & Audit > Users > Selected User > Default Shibboleth/REMOTE_USER account checkbox.
Usage
- After auth, Shibboleth/REMOTE_USER button appears in GUI login dialog.
- Clicking uses REMOTE_USER as GUI user for privileges.
- If user not found, default Shibboleth user is used (if set).
- Login completes.
Logout
- Logout URL constructed from Shib-Handler header + '/Logout', or HTTP_HOST + '/Shibboleth.sso/Logout'.
- Set custom URL in GUI > Settings > System Configuration > Logout URL for Shibboleth/REMOTE_USER.
Disable Login Window
- Disable completely in GUI > Settings > System Configuration > Disable login window completely.
User's Language Setting
- With login window disabled, set per-user language in GUI > Users & Audit > Users > Selected User.
Usage with Custom Login Script
- Compatible; REMOTE_USER passed to script.
- Script must return structure as in WEB_API#Custom_Login.
- Note: Internal GUI users take precedence over custom login users.
AI Summary for RAG
Summary: This article covers integrating Shibboleth or REMOTE_USER authentication with VoIPmonitor GUI, including prerequisites, configuration, usage, logout, disabling login window, language settings, and custom script compatibility.
Keywords: Shibboleth, REMOTE_USER, authentication, GUI settings, privileges, logout URL, custom login script, default account
Key Questions:
- What are prerequisites for Shibboleth/REMOTE_USER auth?
- How does REMOTE_USER authentication work in VoIPmonitor?
- How to configure Shibboleth auth in GUI?
- What happens during Shibboleth login usage?
- How is logout handled for Shibboleth?
- Can the login window be disabled?
- How to set user language without login window?
- Is it compatible with custom login scripts?