vjAuthPlugin - 2.1.1

AD authentication and SSO plugin.


vjAuthPlugin

The vjAuthPlugin provides authentication against Active Directory and, if activated, Single Sign-On (SSO) using the NTLM protocol.

Installation

  • Install the plugin

    $ symfony plugin:install vjAuthPlugin
    
  • Create the link to vjAuthPlugin's CSS files

    $ symfony plugin:publish-assets
    
  • Clear the cache

    $ symfony cache:clear
    

Secure your application

To secure a symfony application:

  • Enable the vjAuthPlugin module, vjAuthLogin, in settings.yml

     all:
       .settings:
         enabled_modules: [..., vjAuthLogin]
    
  • Change the default login module in settings.yml

      login_module:           vjAuthLogin
      login_action:           login
    
  • symfony 1.3/1.4: secure some modules or your entire application in security.yml

      default:
        is_secure: true
    
  • Add some parameters in app.yml

      all:          
        ad:
          options:   # these options are for the adldap class, whose documentation is online
            account_suffix:            '@mysite.fr'
            base_dn:                   'DC=mysite,DC=fr'
            domain_controllers:        [ "myDC1.mysite.fr", "myDC2.mysite.fr" ]
            ad_username:               'username_administrator_active_directory'
            ad_password:               'password_administrator_active_directory'
            recursive_groups:          false
          group_prefix:                PREFIX_
          group_authorize:             GROUP     # the real name of the group authorized to use the application is PREFIX_GROUP
          ntlm_active:                 true      # if NTLM is activated, auto-logon with the Windows username (there are some issues with the NTLM protocol; they are documented further on in this readme)
    

NTLM Issues

The NTLM protocol raises some issues. It requires some modifications on each computer (more precisely, for each user).

  • For Microsoft Internet Explorer, you need to modify 3 keys in the Windows registry (i.e. for the intranet domain www.yourDomain.com)

      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
      "DisableNTLMPreAuth"=dword:00000001
      "EnableNegotiate"=dword:00000000
      [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yourDomain.com]
      "*"=dword:00000001
    
  • For Mozilla Firefox, you need to modify the browser configuration (type about:config in the address bar)

      search ntlm
      network.automatic-ntlm-auth.allow-proxies   true
      network.automatic-ntlm-auth.trusted-uris    yourDomain.com
      network.ntlm.send-lm-response               true
    

These fixes work on IE6, IE7, IE8 and FF3.5, but I think they also work on FF2 and FF3.
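
An added example, not part of the plugin or of this readme: a small Python check that reads the text of a Firefox prefs.js/user.js file and reports the NTLM preferences listed above from a defender's point of view. The function names and the sample text are assumptions constructed for illustration; the check flags LM responses (far weaker than NTLMv2) and trusted-uris entries that are not restricted to https://.

```python
import re

# Matches lines such as: user_pref("network.ntlm.send-lm-response", true);
PREF_RE = re.compile(r'^\s*(?:user_)?pref\("([^"]+)",\s*(.+?)\s*\);\s*$')


def parse_prefs(text):
    """Return {name: value} for every pref line in a prefs.js/user.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = raw  # integers and anything else are kept as text
    return prefs


def audit_ntlm_prefs(text):
    """Return (pref, finding) tuples for the NTLM prefs this readme sets."""
    prefs = parse_prefs(text)
    findings = []
    if prefs.get("network.ntlm.send-lm-response") is True:
        findings.append(("network.ntlm.send-lm-response",
                         "LM responses enabled; LM is far weaker than NTLMv2"))
    uris = str(prefs.get("network.automatic-ntlm-auth.trusted-uris", ""))
    for entry in (e.strip() for e in uris.split(",")):
        if entry and not entry.lower().startswith("https://"):
            findings.append(("network.automatic-ntlm-auth.trusted-uris",
                             f"'{entry}' is not limited to https://"))
    return findings


# Constructed sample: the values this readme asks users to set.
SAMPLE = '''
user_pref("network.automatic-ntlm-auth.allow-proxies", true);
user_pref("network.automatic-ntlm-auth.trusted-uris", "yourDomain.com");
user_pref("network.ntlm.send-lm-response", true);
'''

if __name__ == "__main__":
    for pref, finding in audit_ntlm_prefs(SAMPLE):
        print(f"{pref}: {finding}")
```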

TODO

  • Write more documentation

  • Any ideas, advice, or anything else? Please email me :)