|
|
| (6 intermediate revisions by the same user not shown) |
| Line 1: |
Line 1: |
| == Shibboleth/REMOTE_USER Authentication ==
| | #REDIRECT [[REMOTE_USER_Authentication]] |
| | |
| This feature integrates external authentication (e.g., Shibboleth) with VoIPmonitor GUI using the REMOTE_USER server variable.
| |
| | |
| === Prerequisites ===
| |
| | |
| * Installed and functional Shibboleth module in Apache2 (or similar software). Installation is beyond this document's scope.
| |
| * Any auth module that sends username via REMOTE_USER (e.g., mod_auth_openidc or mod_auth_mellon).
| |
| * Web server handles all authentication; GUI receives only the result. Access to GUI redirects for auth if needed.
| |
| | |
| === How It Works ===
| |
| | |
| When enabled, GUI checks REMOTE_USER (from Shibboleth SP) and uses it as login name.
| |
| | |
| === Configuration ===
| |
| | |
| * Enable in '''GUI > Settings > System Configuration > Use Shibboleth/REMOTE_USER for auth'''.
| |
| * GUI users still required for privileges.
| |
| * Set one user as default for Shibboleth via '''GUI > Users & Audit > Users > Selected User > Default Shibboleth/REMOTE_USER account''' checkbox.
| |
| | |
| === Usage ===
| |
| | |
| * After auth, Shibboleth/REMOTE_USER button appears in GUI login dialog.
| |
| * Clicking uses REMOTE_USER as GUI user for privileges.
| |
| * If user not found, default Shibboleth user is used (if set).
| |
| * Login completes.
| |
| | |
| === Logout ===
| |
| | |
| * Logout URL constructed from Shib-Handler header + '/Logout', or HTTP_HOST + '/Shibboleth.sso/Logout'.
| |
| * Set custom URL in '''GUI > Settings > System Configuration > Logout URL for Shibboleth/REMOTE_USER'''.
| |
| | |
| === Disable Login Window ===
| |
| | |
| * Disable completely in '''GUI > Settings > System Configuration > Disable login window completely'''.
| |
| | |
| === User's Language Setting ===
| |
| | |
| * With login window disabled, set per-user language in '''GUI > Users & Audit > Users > Selected User'''.
| |
| | |
| === Usage with Custom Login Script ===
| |
| | |
| * Compatible; REMOTE_USER passed to script.
| |
| * Script must return structure as in [[WEB_API#Custom_Login]].
| |
| * Note: Internal GUI users take precedence over custom login users.
| |
| | |
| === AI Summary for RAG ===
| |
| | |
| '''Summary:''' This article covers integrating Shibboleth or REMOTE_USER authentication with VoIPmonitor GUI, including prerequisites, configuration, usage, logout, disabling login window, language settings, and custom script compatibility.
| |
| | |
| '''Keywords:''' Shibboleth, REMOTE_USER, authentication, GUI settings, privileges, logout URL, custom login script, default account
| |
| | |
| '''Key Questions:'''
| |
| * What are prerequisites for Shibboleth/REMOTE_USER auth?
| |
| * How does REMOTE_USER authentication work in VoIPmonitor?
| |
| * How to configure Shibboleth auth in GUI?
| |
| * What happens during Shibboleth login usage?
| |
| * How is logout handled for Shibboleth?
| |
| * Can the login window be disabled?
| |
| * How to set user language without login window?
| |
| * Is it compatible with custom login scripts?
| |