Shibboleth and other auth modules

From VoIPmonitor.org
Revision as of 14:23, 10 November 2025 by Festr

Shibboleth/REMOTE_USER Authentication

This feature integrates external authentication (e.g., Shibboleth) with the VoIPmonitor GUI by using the REMOTE_USER server variable.

Prerequisites

  • An installed and functional Shibboleth module in Apache2 (or similar software). Installation is beyond this document's scope.
  • Any auth module that passes the username via REMOTE_USER can be used (e.g., mod_auth_openidc or mod_auth_mellon).
  • The web server handles all authentication; the GUI receives only the result. Access to the GUI is redirected for authentication if needed.

How It Works

When enabled, the GUI checks REMOTE_USER (set by the Shibboleth SP) and uses its value as the login name.
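
A web-server configuration that meets the prerequisites above, as an added example that is not part of the original page or VoIPmonitor's own configuration. It assumes Apache 2.4 with mod_shib loaded and uses /var/www/voipmonitor-gui as a placeholder for the GUI's directory; the commented-out block is the lazy-session variant to avoid.

```apache
# Added example. Assumptions: Apache 2.4, mod_shib loaded, GUI files under the
# placeholder path /var/www/voipmonitor-gui (replace with the real directory).

# Weak (kept commented out): lazy session. Requests are passed to the GUI even
# without an SP session, so REMOTE_USER can be empty and the web server is no
# longer the component that decides who reaches the GUI.
#<Directory "/var/www/voipmonitor-gui">
#    AuthType shibboleth
#    ShibRequestSetting requireSession 0
#    Require shibboleth
#</Directory>

# Corrected: every request under the GUI directory needs a valid SP session.
# <Directory> in the main server config applies to every VirtualHost that
# serves these files, so a second vhost or port cannot skip the check.
<Directory "/var/www/voipmonitor-gui">
    AuthType shibboleth
    ShibRequestSetting requireSession 1
    Require shib-session

    # Publish attributes as environment variables, not request headers
    # (this is mod_shib's default; stated here so it is not switched on later).
    ShibUseHeaders Off
</Directory>

# SP handler endpoints, including /Shibboleth.sso/Logout used for logout.
<Location "/Shibboleth.sso">
    SetHandler shib
</Location>

# Which attribute ends up in REMOTE_USER is chosen in shibboleth2.xml
# (the REMOTE_USER list on ApplicationDefaults). Its value is what the GUI
# uses as the login name, so it has to match the GUI user names.
```

Because the GUI falls back to the default Shibboleth account when REMOTE_USER matches no GUI user, every identity the web server lets through can log in once a default is set. Give that account only the privileges all authenticated users should have, or narrow the Require rule at the web server.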

Configuration

  • Enable the feature in GUI > Settings > System Configuration > Use Shibboleth/REMOTE_USER for auth.
  • GUI users are still required, because they carry the privileges.
  • Set one user as the default for Shibboleth via the checkbox at GUI > Users & Audit > Users > Selected User > Default Shibboleth/REMOTE_USER account.

Usage

  • After authentication, a Shibboleth/REMOTE_USER button appears in the GUI login dialog.
  • Clicking it uses the REMOTE_USER value as the GUI user whose privileges apply.
  • If that user is not found, the default Shibboleth user is used (if set).
  • The login completes.

Logout

  • The logout URL is constructed from the Shib-Handler header + '/Logout', or from HTTP_HOST + '/Shibboleth.sso/Logout'.
  • A custom URL can be set in GUI > Settings > System Configuration > Logout URL for Shibboleth/REMOTE_USER.

Disable Login Window

  • The login window can be disabled completely in GUI > Settings > System Configuration > Disable login window completely.

User's Language Setting

  • With the login window disabled, set the per-user language in GUI > Users & Audit > Users > Selected User.

Usage with Custom Login Script

  • The feature is compatible with a custom login script; REMOTE_USER is passed to the script.
  • The script must return the structure described in WEB_API#Custom_Login.
  • Note: Internal GUI users take precedence over custom login users.

AI Summary for RAG

Summary: This article covers integrating Shibboleth or REMOTE_USER authentication with VoIPmonitor GUI, including prerequisites, configuration, usage, logout, disabling login window, language settings, and custom script compatibility.

Keywords: Shibboleth, REMOTE_USER, authentication, GUI settings, privileges, logout URL, custom login script, default account

Key Questions:

  • What are prerequisites for Shibboleth/REMOTE_USER auth?
  • How does REMOTE_USER authentication work in VoIPmonitor?
  • How to configure Shibboleth auth in GUI?
  • What happens during Shibboleth login usage?
  • How is logout handled for Shibboleth?
  • Can the login window be disabled?
  • How to set user language without login window?
  • Is it compatible with custom login scripts?