Surprisingly, accomplishing SSO on Mantis wasn't that hard. This HowTo is meant for plugin developers with basic knowledge; it's not a finished "just install me and you are done" plugin.
You first need a running LDAP integration. I won't cover that part, there are plenty of guides. Second, you have to modify your webserver so it challenges you against your LDAP. I used mod_auth_sspi with Apache2:
http://sourceforge.net/projects/mod-auth-sspi/
IIS should have an equivalent NTLM solution. Then add a .htaccess to your Mantis directory; with this it will challenge for a username and password. IE auto-sends your domain credentials, Firefox needs a little tweak:
http://sivel.net/2007/05/firefox-ntlm-sso/
.htaccess:

```apache
AuthName "My Intranet"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
require valid-user
```
I hooked the event EVENT_CORE_READY and did a little check
```php
function autoLogin()
{
    if (auth_is_user_authenticated()) {
        return;
    }

    # REMOTE_USER is domain\username; do nothing if the web server did not set it
    if (empty($_SERVER['REMOTE_USER'])) {
        return;
    }
    $username = explode('\\', $_SERVER['REMOTE_USER']);
    if (!isset($username[1])) {
        return;
    }
    $t_user_id = user_get_id_by_name($username[1]);

    # If user has a valid id, log in
    if ($t_user_id) {
        # Mantis Login
        user_increment_login_count($t_user_id);
        user_reset_failed_login_count_to_zero($t_user_id);
        user_reset_lost_password_in_progress_count_to_zero($t_user_id);
        auth_set_cookies($t_user_id, true);
        auth_set_tokens($t_user_id);
    }
}
```
You could further get the LDAP fields and grant the access level based on the OU; that would move the whole access level part out of Mantis into your AD (I'm working on that one ^^)
```php
$ldapFields = explode(",", ldap_get_field_from_username($username[1], "distinguishedname"));
# If Technik, the user becomes admin, Entwickler becomes dev, etc. TODO: move into an INI file
if (array_search("OU=Technik", $ldapFields) !== false) {
    $this->changeAccessLevel($t_user_id, ADMINISTRATOR);
} elseif (array_search("OU=Entwickler", $ldapFields) !== false) {
    $this->changeAccessLevel($t_user_id, DEVELOPER);
}
```
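
The OU-to-access-level idea from the last snippet, as an added example that is not part of the original post or the plugin's code: it splits the DN so that an escaped comma inside a value is not taken for a component boundary, matches OU names case-insensitively, and reads the mapping from a table instead of hard-coded branches. The function names, the mapping table and the sample DNs are assumptions made for illustration.

```php
<?php
// Added example, not the plugin's code. Assumption: the levels mirror MantisBT's
// constants and are defined here only so the file runs outside Mantis.
defined('ADMINISTRATOR') || define('ADMINISTRATOR', 90);
defined('DEVELOPER') || define('DEVELOPER', 55);

// Split a DN into RDNs; a backslash-escaped comma stays inside its value.
function splitDn(string $dn): array
{
    $rdns = [];
    $cur = '';
    for ($i = 0, $len = strlen($dn); $i < $len; $i++) {
        if ($dn[$i] === '\\' && $i + 1 < $len) {
            $cur .= $dn[$i] . $dn[$i + 1];   // copy the escape pair unchanged
            $i++;
        } elseif ($dn[$i] === ',') {
            $rdns[] = trim($cur);
            $cur = '';
        } else {
            $cur .= $dn[$i];
        }
    }
    $rdns[] = trim($cur);
    return $rdns;
}

// Highest mapped level among the DN's OU components, or null if none match.
function accessLevelForDn(string $dn, array $map): ?int
{
    $level = null;
    foreach (splitDn($dn) as $rdn) {
        $isOu = stripos($rdn, 'OU=') === 0;   // only whole OU components count
        $ou = strtolower(substr($rdn, 3));
        if ($isOu && isset($map[$ou])) {
            $level = max($level ?? 0, $map[$ou]);
        }
    }
    return $level;
}

// Hypothetical mapping table (lower-case OU name => level) and constructed DNs.
$map = ['technik' => ADMINISTRATOR, 'entwickler' => DEVELOPER];
$samples = [
    'CN=Anna Admin,OU=Technik,DC=example,DC=local',
    'CN=Dev Dave,ou=Entwickler,OU=Staff,DC=example,DC=local',
    'CN=Smith\, OU=Technik,OU=Guests,DC=example,DC=local',
];
foreach ($samples as $dn) {
    var_dump(accessLevelForDn($dn, $map));
}
```

A `null` result means no mapped OU was found, so the caller should leave the user's existing access level untouched.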