OPNsense Forum

English Forums => Development and Code Review => Topic started by: domg on July 16, 2016, 02:03:01 pm

Title: Add a new authentication in plugin available in Proxy
Post by: domg on July 16, 2016, 02:03:01 pm

Hi,

I'd like to a add a new authentication mode (SSO Proxy AD) in Proxy if my plugin is enabled by default only 'Local database' is available. I only want to select this new mode to add the correct code in squid.conf with template.

How can I do this?
TIA

Title: Re: Add a new authentication in plugin available in Proxy
Post by: domg on July 22, 2016, 10:50:52 pm

Hi,

I've made the following change to system_authservers.php, it adds a new type

Code: [Select]

--- /usr/local/www/system_authservers.php.orig  2016-06-28 02:34:37.049306000 +0200
+++ system_authservers.php      2016-06-28 02:35:55.390666000 +0200
@@ -35,7 +35,8 @@
     'ldap' => gettext("LDAP"),
     'radius' => gettext("Radius"),
     'voucher' => gettext("Voucher"),
-    'totp' => gettext("Local + Timebased One Time Password")
+    'totp' => gettext("Local + Timebased One Time Password"),
+    'ssoproxyad' => gettext("SSO Proxy AD")
 );
 
 
@@ -354,6 +355,7 @@
         $(".auth_ldap").addClass('hidden');
         $(".auth_voucher").addClass('hidden');
         $(".auth_totp").addClass('hidden');
+        $(".auth_ssoproxyad").addClass('hidden');
         if ($("#type").val() == 'ldap') {
             $(".auth_ldap").removeClass('hidden');
         } else if ($("#type").val() == 'radius') {
@@ -362,6 +364,8 @@
           $(".auth_voucher").removeClass('hidden');
       } else if ($("#type").val() == 'totp') {
           $(".auth_totp").removeClass('hidden');
+      } else if ($("#type").val() == 'ssoproxyad') {
+          $(".auth_ssoproxyad").removeClass('hidden');
         }
     });
Now in squid.conf template I can retrieve the name with "OPNsense.proxy.forward.authentication.method" but what about its type ?

TIA

Title: Re: Add a new authentication in plugin available in Proxy
Post by: domg on July 27, 2016, 12:20:58 am

Hi,

I'm still trying to find a way to retrieve the type of authentification method, is this possible ?

Title: Re: Add a new authentication in plugin available in Proxy
Post by: sagem2004 on July 29, 2016, 08:23:21 am

UP

Title: Re: Add a new authentication in plugin available in Proxy
Post by: franco on July 29, 2016, 08:38:15 am

Hi domg,

I don't know what you mean about type? Isn't the name the type?

Is the SASL client for OpenLDAP still needed? I promised to get that into 16.7.x if there are no problems. :)


Cheers,
Franco

Title: Re: Add a new authentication in plugin available in Proxy
Post by: domg on July 29, 2016, 08:51:29 am

Hi franco,

OPNsense.proxy.forward.authentication.method retrieve the name of the authserver configured in system_authservers.php
buf for adding the correct configuration in squid.conf I need the type of the authserver "ssoproxyad"

SASL is still needed for msktutil.

Thanks

Title: Re: Add a new authentication in plugin available in Proxy
Post by: franco on July 29, 2016, 09:14:06 am

Can we take this to IRC? :)

I'll work on the SASL, ok.

Title: Re: Add a new authentication in plugin available in Proxy
Post by: domg on July 29, 2016, 11:56:20 am

Sure.