Skip to content
/ simplesamlphp-module-sqlauthphppassword Public
forked from Prodrivers/simplesamlphp-module-sqlauthphppassword

An authentication module for SimpleSAMLphp that assumes password hashes are stored cryptographically secure.

simplesamlphp.org

License

MIT license
2 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

poVoq/simplesamlphp-module-sqlauthphppassword

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits

docs

docs

 
 

lib/Auth/Source

lib/Auth/Source

 
 

.gitignore

.gitignore

 
 

composer.json

composer.json

 
 

default-enable

default-enable

 
 

license.md

license.md

 
 

readme.md

readme.md

 
 

Repository files navigation

sqlauthPHPPassword:SQL

WARNING! This version only works with Nextcloud as it contains a hack for the specific password hash implementation of it. It is also not really tested much and don't expect quality code. The Nextcloud developers also do not recommend accessing the database directly like that!

This is an authentication module for SimpleSAMLphp to authenticate a user against a SQL database table.

It uses PHP's built-in password_verify functions to securelly store password.

The implementation is based heavily on SimpleSAMLphp modules sqlauth:SQL and sqlauthBcrypt:SQL.

Options

dsn : The DSN which should be used to connect to the database server. Check the various database drivers in the PHP documentation for a description of the various DSN formats.

username : The username which should be used when connecting to the database server.

password : The password which should be used when connecting to the database server. If you are running this locally for development and you are using an empty password, set this to the empty string ('').

query : The SQL query which should be used to retrieve the user. The parameters :username and :password are available. If the username/password is incorrect, the query should return no rows. The name of the columns in resultset will be used as attribute names. If the query returns multiple rows, they will be merged into the attributes. Duplicate values and NULL values will be removed.

pepper : The pepper string appended to passwords before generating the hash. If you are not using a pepper, set this to the empty string ('').

hash_column : The column storing password hashes.

Examples

Example - MySQL server:

'phppassword-example' => array(
  'sqlauthphppassword:SQL',
  'dsn' => 'mysql:host=<hostname>;dbname=<database name>',
  'username' => '<database user>',
  'password' => '<database user password>',
  'hash_column' => 'password_hash',
  'query' => 'SELECT username AS uid, name AS cn, email AS mail, password_hash FROM users WHERE username = :username',
  'pepper' => '<random string>',
),

Example - Postgres Nextcloud 12 database (experimental):

 'phppassword-example' => array(
  'sqlauthphppassword:SQL',
  'dsn' => 'pgsql:host=<hostname>;dbname=<database name>',
  'username' => '<database user>',
  'password' => '<database user password>',
  'hash_column' => 'password',
  'query' => "SELECT oc_users.uid, displayname AS cn, password, configvalue AS mail, gid AS memberOf FROM oc_users LEFT JOIN oc_preferences ON oc_users.uid = oc_preferences.userid AND oc_preferences.appid = 'settings' AND oc_preferences.configkey = 'email' LEFT JOIN oc_group_user ON oc_users.uid = oc_group_user.uid WHERE oc_users.uid = :username",
  'pepper' => '',
),

About

An authentication module for SimpleSAMLphp that assumes password hashes are stored cryptographically secure.

simplesamlphp.org

Topics

simplesamlphp nextcloud sso saml2 idp

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • PHP 100.0%