We launched new forums in March 2019—join us there. In a hurry for help with your website? Get Help Now!
MODX Community Forums Archive

SAML Aunthentication

    • 17301
    • 932 Posts
    LK Reply #11, 7 years, 1 month ago
    But would imagine you still need to set the $user to something like this:

    $user = $modx->getObject('modUser', array ('username' => $username));


    As currently you're defining $username as $user->get('username') however $username is defined in the array already:
    'username' => $username,


    Apologies if I'm still misunderstanding - probably not the best person to advise on this one!
      ■ email: [email protected] | ■ website: https://alienbuild.uk

      The greatest compliment you can give back to us, is to spend a few seconds leaving a rating at our trustpilot: https://uk.trustpilot.com/review/alienbuild.uk about the service we provided. We always drop mention of services offered by businesses we've worked with in the past to those of interest.
      • 3749
      • 24,544 Posts
      BobRay Reply #12, 7 years, 1 month ago
      I can't see the rest of your code, but maybe this will help:

      When the plugin fires, $modx->user will be the (anonymous) user, so you never want to use $modx->user as a variable in your code (except maybe to set it).

      It's definitely not safe to authenticate anyone who has a non-empty username. wink so remove that code.

      I think what you want to do is:

      1. Authenticate the user with your SAML code based on their submitted username and password.

      2. If they fail, return false.

      2. If they pass, see if they're already in the database. If they are, return true.

      3. If they're not in the database, put them there and then return true.

        Did I help you? Buy me a beer
        Get my Book: MODX:The Official Guide
        MODX info for everyone: http://bobsguides.com/modx.html
        My MODX Extras
        Bob's Guides is now hosted at A2 MODX Hosting
        • 24676
        • 60 Posts
        rebornmedia Reply #13, 7 years, 1 month ago
        Thanks Bob!

        Thats basically what I have done. I have decided not to use a plugin for this anymore, instead I am using a snippet. This makes a slightly more seemless user experience as using a plugin and the login snippet meant that the user had to action logging in twice.

        Using a snippet they can get authentication via Saml, my snippet can then check if they exisit or not and log them in or create them.

        This seems to be working fine.

        I am using

        $modx->user->addSessionContext('web');


        To log a user in once they have been created. My only bit I am left unsure about is how to assign a user to a user group when I am creating them in my snippet. My application requires several user groups with different permissions.

        My code for this is currently. 

        $fields = array(
        'username' => $emailAddress,
        'password' => $password,
        'blocked' => '0',
        'email' => $emailAddress
    );
    
    $user = $modx->newObject('modUser');
    $user->fromArray($fields);
    
   $user->save()
          • 3749
          • 24,544 Posts
          BobRay Reply #14, 7 years, 1 month ago
          This should do it (untested)

          if (! $user->joinGroup( $groupId_or_name, $roleId_or_name)) {
   $modx->log(modX::LOG_LEVEL_ERROR, 'Join User Group failed');
);

          You should call it after $user->save(). You may have to re-get the user object first with $modx->getObject().

          If you use the IDs for group and role, it will be faster, but be sure to cast them to int because joinGroup uses isString() to tell the difference between names and IDs.


          if (! $user->joinGroup( (int) $groupId, (int) $roleId)) {

            Did I help you? Buy me a beer
            Get my Book: MODX:The Official Guide
            MODX info for everyone: http://bobsguides.com/modx.html
            My MODX Extras
            Bob's Guides is now hosted at A2 MODX Hosting