Application login by SSOwat or LDAP



I’m trying to understand the mechanics of login with YunoHost, for implementing automatic account login and creation for Flarum. See also this guide on Flarum’s side.

Here is what I gathered so far:

  1. Flarum can be extended to use alternative ways of login… Let’s not look too far away and consider HTTP auth or LDAP.
  2. To do so, users will have to input their credentials somewhere: Flarum’s form, or SSOwat’s?
    • If I choose the app’s form, how can I check it against YunoHost?
      • Where do I send the `Authorization: Basic ...` header, and how can I check if authentication is successful?
      • Or how can I connect directly to the LDAP server with the credentials, and get user information?
    • If I choose SSOwat, how do I redirect the user towards SSOwat to either check if they are already connected, or to prompt them with SSOwat’s login form? Then again, how do I check if authentication is successful? Some sort of token?
  3. Then it’s “only” a matter of creating the user on Flarum’s side, if needed, or setting a cookie to keep the authentication. I’m far from it. I can also have a hook on YunoHost’s side to interact with Flarum API to create users in Flarum DB as soon as a new user is created in YunoHost.

The LDAP way seems a bit more elegant, as it may also deliver the user’s avatar?

I’ve tried to have a look at other apps, to understand how they do it, but I’m at a loss. Can I have the community’s input?

@tituspijean, have you managed to make it work?
Thanks for your time and contributions!

Hi, sorry I missed your post
The first step is indeed to link the app to LDAP, and test this integration by logging in with the app form.
If it works, move to HTTP auth. The header is sent by nginx. Then it depends on how your app handles this header. You can look at the way other apps handle this (for instance the “hack” I did for rainloop).

Let me know how I can help further
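
The two steps in the reply above (check credentials against LDAP, then accept the Basic header forwarded by nginx) could look like this on the application side. This is an added example, not part of the original post and not Flarum or YunoHost code; the LDAP URI, the base DN, the `uid` naming attribute and the two function names are assumptions to replace with your own values.

```php
<?php
// Added example. LDAP_URI and USER_BASE_DN are placeholder assumptions.
const LDAP_URI = 'ldap://127.0.0.1:389';
const USER_BASE_DN = 'ou=users,dc=example,dc=org';

/** Split an "Authorization: Basic ..." value into [user, password], or null. */
function parse_basic_header(?string $header): ?array
{
    if ($header === null || !preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)$/i', trim($header), $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);          // strict mode rejects malformed input
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    [$user, $password] = explode(':', $decoded, 2); // the password may itself contain ':'
    // Allow only a conservative character set before the name goes near a DN.
    if (!preg_match('/^[a-z0-9_.-]{1,64}$/i', $user)) {
        return null;
    }
    return [$user, $password];
}

/** True only if the directory accepts a simple bind with these credentials. */
function ldap_credentials_valid(string $user, string $password): bool
{
    // With an empty password a simple bind becomes an unauthenticated bind,
    // which some servers report as success, so refuse it before contacting LDAP.
    if ($password === '') {
        return false;
    }
    $conn = ldap_connect(LDAP_URI);
    if ($conn === false) {
        return false;
    }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    $dn = 'uid=' . ldap_escape($user, '', LDAP_ESCAPE_DN) . ',' . USER_BASE_DN;
    $ok = @ldap_bind($conn, $dn, $password);        // bind as the user, not as an admin
    ldap_unbind($conn);
    return $ok;
}

$creds = parse_basic_header($_SERVER['HTTP_AUTHORIZATION'] ?? null);
if ($creds === null || !ldap_credentials_valid(...$creds)) {
    http_response_code(401);
    exit('Invalid credentials');
}
echo 'Authenticated as ' . htmlspecialchars($creds[0]);
```

The header is only as trustworthy as its path: the application should be reachable solely through the nginx instance that sets it, otherwise any client can supply its own `Authorization` value.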

Hi @scith, @jellium,
Thank you for this quick guideline @scith. The hard part will be to accommodate it with Flarum. :slight_smile:

I’ve started a repo for an LDAP login extension for Flarum. I have only put together preexisting code for a SAML2 auth extension and an LDAP class for PHP. Nothing is functional, yet.


I haven’t found any docs on how SSOwat works or on the integration with LDAP:
I find the documentation for application packaging rather incomplete.

Could you give me some help, please?
Any pointers?

I’m currently packaging “Known”: a self-hosted microblogging service.
Before even talking about SSO or LDAP, I would like to automatically create the main user with the same password as the YunoHost one.

For example: ynh_user_get_info does not allow retrieving the password, whereas the post_user_create hook can …

How does all of this work?