We are currently trying to use Concrete5 to create an internal Intranet for the company I work for (this is a web-based server). What we would like to do is allow our employees to sign in using their Gmail and be able to see their personal calendars amongst other things on sign in.
I would like the employees to just sign in once, get automatically asked for granting permissions during the login, and then be taken to the home page.
I'm having trouble figure out how to modify Concrete5's built-in Google login to request these scopes. I am pretty bare-bones in my PHP knowledge and no amount of Google searching has really answered my question specifically for modifying the authentication for Concrete5.
So to sum up my question:
How would someone go about modifying Concrete5's Google authentication to request additional permissions? We are using 5.8.3 and are always updating as necessary, so modifying the core is not really an option to prevent overwrites in the future.
The best way to do that would be to copy the core Google login system to create a new one. You could call it Google Custom or anything you want. You could include it in the folder application/authentication or in a package, with the appropriate modifications.
But to be honest, if you're bare-bones in your PHP knowledge, it all might be a bit too difficult to achieve
Related
I decided to try Firebase. When I go to the console, I not only see my own project, but two projects that I never created or was supposed to have access to:
Those projects seem to be created by a "Rohit Travel & Tours". I can see some of the details:
When I go to Google Cloud's resource manager, sure enough, the project is also there, along with a few "My First Project" projects that seem to belong to the same people:
I'm not sure why I got access to this. It's either a dangerous bug, or a clueless admin that added one of my emails to the project.
I'd like to remove that project since it's just clutter. However, I can't find a way to remove myself from the project, and since I don't have any kind of admin access, there's nothing I can actually change there. In fact, I can't find my account listed on any of the role/member fields either, so I'm not sure what's the real story there.
So far the admin emails listed on the accounts have been unresponsive when I requested that my account be removed.
There's no way to contact Google Cloud to request that either. Apparently the only way to contact them is with a paid support account of some kind.
So my question is: is there a way for me to ever remove myself from these accounts, so I don't see them on my panels, especially the Firebase dashboard?
Or am I stuck with these app accounts forever?
When such projects show up for me, it's usually because someone added a group that I'm a member of (like all#company.com) as a collaborator to that project. If that is the cause, there is no way to remove me/you as an individual user. One of the owners on the project will have to remove the overly broad group, and replace it by either a better targeted group or by the individual users.
Also see:
How do I remove myself from a project in the Google Developer Console?
I have an application where I'd been asked to support Google sign-in. Something we've tried to do since the beginning was not require javascript for any important functions. Is it possible to perform Google Sign-in without requiring Javascript?
I've read some of the guides such as https://developers.google.com/identity/sign-in/web/sign-in and https://developers.google.com/identity/sign-in/web/backend-auth, but they all seem to have a javascript component involved.
For example, can we use only links and redirects, etc. to accomplish a Google-based authentication, along with some server-side verification?
I think what you want to do is described in the OAuth 2.0 for Server-side Web Apps documentation. Several of the sections in that doc have tabs with language specific examples and there is also an HTTP/REST tab that shows how to generically use Google's OAuth URls.
You will also want to follow Google's sign-in branding guidelines.
I've been looking for the same thing. I'm sick of popups and I don't want them in my site. It seems like there should be a way to just link to a Google page, then redirect the user back to my site. However there doesn't seem to be any documentation about how to do that.
I also agree that it shouldn't matter what programming language is being used. Google doesn't need to know that. All we need is a URI to send the user to, and some way to indicate where the user should be redirected back to.
I am building a web consisting of MediaWiki and phpBB as its subcomponents. Also WordPress may be added in future. My current problem is to choose a single unified authentication method (not to force users to have a special MediaWiki account, a special phpBB account, etc.).
Which approach would you recommend me? The basic limitation is that it is a simple LAMP server (no LDAP database). Possibilities I know about:
Use a decentralized protocol such as OpenID, OAuth 2.0, etc. I would prefer this approach. However, OpenID is not supported by Google any more so OAuth 2.0 would be probably more appropriate.
Use DB of users from phpBB and install some plugin to other subcomponents (MediaWiki extension for phpBB auth.)
Use DB of users from MediaWiki and install some plugin to phpBB.
Use some specialized web application for user credentials management and install plugins both to MediaWiki and phpBB.
I think the main point you already understand: You need one of your new platforms to be the central user store. The problem you know have to find out:
What platform has the plugins to interact with each other? It's possible, that you find plugins, that only works "in one direction", and for mediawiki itself you will find a log of outdated extensions, that maybe won't work anymore with the latest mediawiki versions and updates.
The other point is, that you should think about WordPress now, too. After you selected one central user store you mostly can't change it with a lot of work, so I would check for an integration of WordPress now, too.
Looking at that and a short search i wouldn't prefer MediaWiki to be the central user storage, and i'm not sure, if phpBB is the best solution, too :/
I think one of the best would be to use LDAP, extensions and plugins seems to be supported and working for the latest versions of each software. You yould have a central user store, which could be easily integrated in other applications, too. What is the reason you can't use it, an LAMP stack could handle this, too?
The second solution i would consider to choose is to use Google's user store and access it vi OAuth 2.0. MediaWiki, phpBB and WordPress supports this with plugins and/or extensions.
At the end of the day a login is a login is a login. All the custom fields specific to individual applications can be properly bridged with plug-ins. Make the app that will require the most babysitting your main database and thus login system. In many cases it's the forum, but that really varies by site.
I would caution that many new forum admins eventually want to upgrade from phpBB to something that's more powerful and modern. I was one of those admins. Yes, phpBB is as good as an open-source forum gets, but it just doesn't compete with the commercial forum apps. So keep that in mind if you make phpBB your main database.
I'm developing a new Drupal site and was hoping to use Disqus for the comments. I have Single Sign-On configured, however I don't see any way of using it exclusively. Meaning, disable sign in with regular Disqus accounts, Facebook, Twitter, and Google, so that only users that have signed up through my site can use it. This is the way IGN.com does it, for obvious reasons, and it seems to work just fine.
I'm trying to create a unified community of users with unique names, and that doesn't really work when anyone can just log in with their Facebook and use whatever name they want. Then there can be a hundred people with duplicate names and the account they're commenting with won't have any ties to my site.
IGN uses a product that is no longer offered by Disqus, and there's no way to restrict the login options to SSO-only.
You might be interested in using AudienceSync, which replaces this. You can read about it and request to use it here: http://help.disqus.com/customer/portal/articles/1104796-single-sign-on-audiencesync
Super simple question from an ASP newb: I've got an internal-only ASP.NET website I'm working on that uses Windows integrated auth across the board. There are essentially three roles I want to associate with the site: user, manager, and admin. The site is open to the entire org, so anyone who is authenticated is a user, unless they are a manager or an admin.
The list of admins and managers needs to be in a database, not in the web.config. The role information for this site is not in any way associated with what can be learned from a user's AD profile.
I've been picking up ASP.NET pretty quickly and I'm definitely capable of researching the correct solution, but I was hoping someone could start me down the right road here. What's the best way to get this done? I imagine it involves using a role provider on top of the integrated auth, but before I started researching a million options and possibly picked the wrong one, I thought I'd ask here.
Thanks!
I had to do this also and I used the below blog entry from Scott Guthrie to get me going....
http://weblogs.asp.net/scottgu/pages/Recipe_3A00_-Implementing-Role_2D00_Based-Security-with-ASP.NET-2.0-using-Windows-Authentication-and-SQL-Server.aspx
Worked great for me.
I didn't create a new provider or anything. Scott's blog post lays it out nicely. Although it is quite a hack but got me going quickly and did the trick.
With this trick you can use windows auth with DB based roles.
You could use MembershipProvider using ActiveDirectory Info here