vjAuthPlugin
=================

The `vjAuthPlugin` packages authentication against Active Directory, plus Single Sign-On (SSO) over the NTLM protocol when it is activated.

Installation
------------

  * Install the plugin

        $ symfony plugin:install vjAuthPlugin

  * Create the link to vjAuthPlugin's CSS files

        $ symfony plugin:publish-assets

  * Clear the cache

        $ symfony cache:clear

Secure your application
-------------

To secure a symfony application:

  * Enable the module vjAuthPlugin in settings.yml

        all:
          .settings:
            enabled_modules: [..., vjAuthPlugin]

  * Change the default login modules in settings.yml

        login_module: vjAuthLogin
        login_action: index

  * Secure some modules or your entire application in security.yml

        default:
          is_secure: on

  * Add some parameters in app.yml

        all:
          ad:
            options: # these options are for the adLDAP class; its documentation is online
              account_suffix: '@mysite.fr'
              base_dn: 'DC=mysite,DC=fr'
              domain_controllers: [ "myDC1.mysite.fr", "myDC2.mysite.fr" ]
              ad_username: 'username_administrator_active_directory'
              ad_password: 'password_administrator_active_directory'
              recursive_groups: false
            group_prefix: PREFIX_
            group_authorize: GROUP # the real name of the group authorized to use the application is PREFIX_GROUP
            ntlm_active: true # if NTLM is activated, users are logged on automatically with their Windows username (the NTLM protocol has some issues, documented further down in this README)

Forms
-----

  * vjAuthFormLogin: a form to authenticate the user with their Active Directory username and password

Informations
-----

There are no tests yet. I'll write some soon.

This plugin is only available in French. I won't internationalize it. The files that contain French text are:

  * lib/AuthUser.class.php (`$this->setCulture('fr');`)
  * lib/form/doctrine/vjAuthFormLogin.class
  * modules/vjAuthLogin/actions/actions.class.php
  * modules/vjAuthLogin/templates/indexSuccess.php
  * modules/vjAuthLogin/config/view.yml

NTLM Issues
-----

The NTLM protocol has some issues. It requires some modifications on each computer (more precisely, for each user).

  * For Microsoft Internet Explorer, you need to modify 3 keys in the Windows registry (here for the intranet domain www.yourDomain.com)

        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
        "DisableNTLMPreAuth"=dword:00000001
        "EnableNegotiate"=dword:00000000

        [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yourDomain.com]
        "*"=dword:00000001

  * For Mozilla Firefox, you need to modify the configuration of the browser (type about:config in the URL bar and search for ntlm)

        network.automatic-ntlm-auth.allow-proxies    true
        network.automatic-ntlm-auth.trusted-uris     yourDomain.com
        network.ntlm.send-lm-response                true

These fixes work on IE6, IE7, IE8 and FF3.5, and I think they also work on FF2 and FF3.

TODO
-----

  * write tests
  * write more documentation
  * any ideas, advice, anything else? Please email me :)
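
To check on a workstation that the Firefox settings from the NTLM Issues section are in place and that automatic NTLM is limited to the intended domain, the following added example (not part of vjAuthPlugin) audits the text of a profile's `prefs.js`. The sample preferences, the `parse_prefs` and `audit` names and the `other.example` host are constructed for illustration; `network.ntlm.send-lm-response` is listed as a finding because it turns on the older LM response and is worth reviewing.

```python
import re

# Constructed sample of a Firefox prefs.js (not taken from a real profile).
SAMPLE_PREFS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://intranet.yourDomain.com/");
user_pref("network.automatic-ntlm-auth.allow-proxies", true);
user_pref("network.automatic-ntlm-auth.trusted-uris", "yourDomain.com, http://other.example");
user_pref("network.ntlm.send-lm-response", true);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
NTLM_PREFS = (
    "network.automatic-ntlm-auth.allow-proxies",
    "network.automatic-ntlm-auth.trusted-uris",
    "network.ntlm.send-lm-response",
)

def parse_prefs(text):
    """Return {name: value} for the three NTLM prefs found in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m or m.group(1) not in NTLM_PREFS:
            continue
        raw = m.group(2).strip()
        prefs[m.group(1)] = (raw == "true") if raw in ("true", "false") else raw.strip('"')
    return prefs

def audit(text, allowed_domain):
    """List findings: prefs missing, hosts outside allowed_domain, LM enabled."""
    prefs = parse_prefs(text)
    findings = [f"missing: {name}" for name in NTLM_PREFS if name not in prefs]
    allowed = allowed_domain.lower()
    for entry in str(prefs.get(NTLM_PREFS[1], "")).split(","):
        entry = entry.strip()
        if not entry:
            continue
        # Entries may be a bare domain or carry a scheme; compare the host part.
        host = re.sub(r"^[a-z]+://", "", entry.lower()).split("/")[0].split(":")[0]
        if host != allowed and not host.endswith("." + allowed):
            findings.append(f"unexpected trusted-uri: {entry}")
    if prefs.get(NTLM_PREFS[2]) is True:
        findings.append("LM response enabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PREFS, "yourDomain.com"):
        print(finding)
```

An empty result means all three preferences are present, every trusted URI falls under the given domain, and the LM response is off.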