AutoAuth
AutoAuth is a PHPCredLocker plugin providing a one-click login option for certain CredTypes. By providing the relevant form id's (presets are available), superadmins can configure a credential type to display a 'Log In' button for all associated credentials.
AutoAuth is known to work with
- CPanel/WHM
- Webmin
- WordPress
- Drupal
AutoAuth doesn't currently work with Joomla! as it requires a correct form token to be included in the request.
You can see AutoAuth in action in the PHPCredLocker demo.
See below for the Plugin's README
Contents
About AutoAuth
AutoAuth Plugin is a plugin allowing system admins to configure PHPCredLocker to display a 'Log In' button for specific credtypes. When enabled, the plugin simply generates a form containing the credentials so that users can log into linked systems with one click.
Thanks to Joomla User Group Suffolk (JUGS) for the feature suggestion!
Plugin Configuration
The configuration file contains two options
- active - Is the plugin enabled?
- warnredirect - Should a Javascript confirm box be displayed before redirecting the user
CredType Configuration
When enabled, the plugin will display additional fields when adding or editing a Credential Type. The settings specified in these will define how credentials are passed to the login script of the linked system, getting them wrong will result in a failed login.
- Enable Auto Login button: Should the plugin be enabled for this CredType?
- Additional address path: Specifies any additional URL params that need to be specified to enable login
- User Field: The field name used by the login form of the linked system
- Password Field: The field name use by the login form of the linked system
- Requires Cookies: Some systems require a specific cookie to exist. If this is checked, the target page will be loaded as part of the form (the user won't see it) to ensure all relevant cookies are set.
- Additional Fields: Some systems require additional hidden fields to be submitted. This field allows you to specify names and values in CSV format using key=value (i.e. page=home,action=login)
Example configurations
Note: These examples assume you've stored the address of the server without a trailing slash (i.e. mysite:2082 rather than mysite:2082/)
| CPanel | Webmin | WordPress | |
|---|---|---|---|
| Additional Address Path | /login | /session_login.cgi | /wp-login.php |
| User Field | user | user | log |
| Password Field | pass | pass | pwd |
| Requires Cookie | No | Yes | Yes |
| Additional Fields | none | page=/, |
Known Incompatible
Systems known not to be compatible with AutoAuth's one-click login are
- Joomla! - Requires a unique form token to be submitted
- PHPCredLocker - Requires a unique form token to be submitted
Any system which requires a unique form token to be submitted (such as Joomla!) cannot be supported as the token changes with each session/request. Systems which simply require a specific cookie to be set (such as Webmin) are supported however, as are those which allow login details to be submitted without further information (such as CPanel/WHM).
The plugin may fail to work where an invalid SSL certificate has been used on the linked system. The browser will deny access until the user has specifically accepted the suspicious certificate, preventing automatic setting of cookies prior to the login request being sent.
Login button not displaying
There are essentially three reasons why the login button may not display after a user has clicked 'Display Password'.
- Plugin not enabled - Check plugins.conf and conf/plugins/AutoAuth/config.php
- Required field not included - Credential must have URL, User and Password stored for the plugin to trigger
- Internal plugin fault - Sorry! These have been well tested for, but it's possible something's been missed
Purchase
You can purchase AutoAuth from my shop.
