Shibboleth and other auth modules: Difference between revisions

Revision as of 08:52, 4 January 2026

SSO Authentication Support in VoIPmonitor GUI

The VoIPmonitor GUI supports Single Sign-On (SSO) authentication through specific providers.

Currently Supported SSO Methods

Google Sign-In (OAuth 2.0) - Fully supported and documented

Unsupported SSO Methods

Shibboleth - Not supported at this time
SAML-based SSO - Not supported at this time
LDAP - Direct LDAP integration is not supported (use custom login script instead)

Future Support

Support for additional SSO methods (including Shibboleth) is planned for a future release. Check the FAQ or release notes for updates on features under development.

Alternative: Custom Login Scripts

If you need to integrate with an authentication system not natively supported (such as LDAP, Shibboleth, or custom SSO), you can implement a custom login script using the Web API.

For LDAP examples, see the `scripts/ldap_custom_login_example.php` file in your GUI directory.

AI Summary for RAG

Summary: This page clarifies which SSO authentication methods are supported in VoIPmonitor GUI, which are not, and alternatives for custom authentication integration.

Keywords: SSO, single sign-on, authentication, Google Sign-In, OAuth, Shibboleth, LDAP, custom login, unsupported

Key Questions:

Which SSO methods are currently supported in VoIPmonitor GUI?
Is Shibboleth authentication supported in VoIPmonitor?
How can I integrate VoIPmonitor with LDAP or other unsupported auth methods?
What is the current status of SSO support in VoIPmonitor?
Is Google Sign-In available for VoIPmonitor GUI?

@@ Line 1: / Line 1: @@
-== Shibboleth/REMOTE_USER Authentication ==
+{{DISPLAYTITLE:SSO Authentication Support}}
-This feature integrates external authentication (e.g., Shibboleth) with VoIPmonitor GUI using the REMOTE_USER server variable.
+== SSO Authentication Support in VoIPmonitor GUI ==
-=== Prerequisites ===
+The VoIPmonitor GUI supports Single Sign-On (SSO) authentication through specific providers.
-* Installed and functional Shibboleth module in Apache2 (or similar software). Installation is beyond this document's scope.
+=== Currently Supported SSO Methods ===
-* Any auth module that sends username via REMOTE_USER (e.g., mod_auth_openidc or mod_auth_mellon).
-* Web server handles all authentication; GUI receives only the result. Access to GUI redirects for auth if needed.
-=== How It Works ===
+* '''[[Google_Sign_in_usage|Google Sign-In (OAuth 2.0)]]''' - Fully supported and documented
-When enabled, GUI checks REMOTE_USER (from Shibboleth SP) and uses it as login name.
+=== Unsupported SSO Methods ===
-=== Configuration ===
+* '''Shibboleth''' - Not supported at this time
+* '''SAML-based SSO''' - Not supported at this time
+* '''LDAP''' - Direct LDAP integration is not supported (use custom login script instead)
-* Enable in '''GUI > Settings > System Configuration > Use Shibboleth/REMOTE_USER for auth'''.
+=== Future Support ===
-* GUI users still required for privileges.
-* Set one user as default for Shibboleth via '''GUI > Users & Audit > Users > Selected User > Default Shibboleth/REMOTE_USER account''' checkbox.
-=== Usage ===
+Support for additional SSO methods (including Shibboleth) is planned for a future release. Check the [[FAQ|FAQ]] or release notes for updates on features under development.
-* After auth, Shibboleth/REMOTE_USER button appears in GUI login dialog.
+=== Alternative: Custom Login Scripts ===
-* Clicking uses REMOTE_USER as GUI user for privileges.
-* If user not found, default Shibboleth user is used (if set).
-* Login completes.
-=== Logout ===
+If you need to integrate with an authentication system not natively supported (such as LDAP, Shibboleth, or custom SSO), you can implement a '''custom login script''' using the [[WEB_API#Custom_Login|Web API]].
-* Logout URL constructed from Shib-Handler header + '/Logout', or HTTP_HOST + '/Shibboleth.sso/Logout'.
+For LDAP examples, see the `scripts/ldap_custom_login_example.php` file in your GUI directory.
-* Set custom URL in '''GUI > Settings > System Configuration > Logout URL for Shibboleth/REMOTE_USER'''.
-=== Disable Login Window ===
-* Disable completely in '''GUI > Settings > System Configuration > Disable login window completely'''.
-=== User's Language Setting ===
-* With login window disabled, set per-user language in '''GUI > Users & Audit > Users > Selected User'''.
-=== Usage with Custom Login Script ===
-* Compatible; REMOTE_USER passed to script.
-* Script must return structure as in [[WEB_API#Custom_Login]].
-* Note: Internal GUI users take precedence over custom login users.
 === AI Summary for RAG ===
-'''Summary:''' This article covers integrating Shibboleth or REMOTE_USER authentication with VoIPmonitor GUI, including prerequisites, configuration, usage, logout, disabling login window, language settings, and custom script compatibility.
+'''Summary:''' This page clarifies which SSO authentication methods are supported in VoIPmonitor GUI, which are not, and alternatives for custom authentication integration.
-'''Keywords:''' Shibboleth, REMOTE_USER, authentication, GUI settings, privileges, logout URL, custom login script, default account
+'''Keywords:''' SSO, single sign-on, authentication, Google Sign-In, OAuth, Shibboleth, LDAP, custom login, unsupported
 '''Key Questions:'''
-* What are prerequisites for Shibboleth/REMOTE_USER auth?
+* Which SSO methods are currently supported in VoIPmonitor GUI?
-* How does REMOTE_USER authentication work in VoIPmonitor?
+* Is Shibboleth authentication supported in VoIPmonitor?
-* How to configure Shibboleth auth in GUI?
+* How can I integrate VoIPmonitor with LDAP or other unsupported auth methods?
-* What happens during Shibboleth login usage?
+* What is the current status of SSO support in VoIPmonitor?
-* How is logout handled for Shibboleth?
+* Is Google Sign-In available for VoIPmonitor GUI?
-* Can the login window be disabled?
-* How to set user language without login window?
-* Is it compatible with custom login scripts?