SAML 2.0 Authentication

+2 votes
49 views
asked Sep 6 in Q2A Core by neo8820
Hello,

I'm building a q2a site which will be protected by a security filter that will require users to be authenticated via SAML 2.0/SSO. An unauthenticated user attempting to access the site will be intercepted by the filter, redirected to a login portal and then redirected back to the original site. Attributes sent back from the login portal are extracted and added as keys which can be retrieved with this PHP:

foreach($_SERVER as $key=>$value) {
  if(substr($key, 0, 7) == 'MELLON_') {
    echo($key . '=' . $value . "\r\n");
  }
}

Note: MELLON is just the prefix the security filter adds to attributes passed from the login portal.  Some of the attributes I'll get back are name, email, userid etc.  Ideally, what I'd like to do is create a user if they don't exist using the attributes or if they do exist go on and log them in.  I'm pretty sure I'll be using the qa_create_new_user function.  But what other functions would be useful?

My question is: am I on the right track? What is the best way to implement this (perhaps a plugin, but what to override and how)? I'd want to disable the login/register links since this would be done automatically in my use case. How can this be done?

I don't believe the out of box q2a SSO solution will work because it seems more focused on user databases than an external authentication provider.
Q2A version: 1.7.5

1 Answer

+1 vote
answered Sep 6 by Scott

Have you looked at Login Modules? They should be more suited to that kind of "visit an external website to log in" system.

The only issue with that is there is currently no method to properly disable the regular Q2A login, besides editing the core files qa-include/pages/login.php and qa-include/pages/register.php to prevent doing anything. This may be fixed in future though.
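
A sketch of the login-module approach suggested in this answer, fed by the MELLON_ attributes from the question. This is an added example, not code from the original thread or from the Q2A project. The class name qa_mellon_login, the source name 'mellon' and the attribute keys MELLON_userid, MELLON_email and MELLON_name are assumptions, and it assumes the security filter runs in the same web server as PHP.

```php
<?php
// Added example (hypothetical names): a Q2A login module that signs users in
// from attributes the SAML filter places in the server environment.
// Register it from the plugin's qa-plugin.php (file name is an assumption):
//   qa_register_plugin_module('login', 'qa-mellon-login.php', 'qa_mellon_login', 'Mellon SAML Login');

class qa_mellon_login
{
    // Read one attribute by its exact MELLON_ key.
    // Client request headers appear in $_SERVER with an HTTP_ prefix, so a
    // header named "MELLON_userid" never matches this key.
    private function attr($name)
    {
        $key = 'MELLON_' . $name;
        return isset($_SERVER[$key]) ? trim((string) $_SERVER[$key]) : '';
    }

    // Q2A calls this while no user is logged in.
    public function check_login()
    {
        $userid = $this->attr('userid'); // assumed attribute name
        // No well-formed identifier from the login portal: leave the visitor anonymous.
        if (!preg_match('/^[A-Za-z0-9._@-]{1,64}$/', $userid)) {
            return;
        }

        $email = filter_var($this->attr('email'), FILTER_VALIDATE_EMAIL);
        $name = $this->attr('name');

        // Creates the account on first sight of this identifier, otherwise logs in.
        qa_log_in_external_user('mellon', $userid, array(
            'email' => $email === false ? '' : $email,
            'handle' => $name !== '' ? $name : $userid,
            // Assumption: the identity provider has already verified the address.
            'confirmed' => $email !== false,
            'name' => $name,
        ));
    }

    public function match_source($source)
    {
        return $source === 'mellon';
    }

    // No extra login or logout links: the filter handles both outside Q2A.
    public function login_html($tourl, $context) {}
    public function logout_html($tourl) {}
}
```

The account is keyed on the source and identifier pair, so the userid attribute must be stable and unique per person at the identity provider; a display name or email that can change is not a safe key.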

...