Are you aware of anyone creating a google openid plugin?

Are you going to update the plugin to 3.x?

Trying to use this Joomla extension on a 2.5.8 Joomla site. The package seems to install everything ok but when I click the "add server" button I get a blank dialog box. Without being able to add a server I can't get any further. Thanks for your hard work. I appreciate this extension even being available to comment on. :)

http://extensions.joomla.org/extensions/access-a-security/site-access/authentication-cloud-based/5366 states, that this plugin can be used to allow logins via openid. I can't find any documentation on how to establish this. Could you please help me?

Hi I would like to ask how I can use SAML VERSION 1.1, I am aware of this
d216b94 , however can you provide some further assistance or report any cautions for possible conflicts?

Thank you in advance!

Bonjour, félicitation pour ce superbe plugin.

Je rencontre un problème, lorsque je me connecte sur jasig 3.5.3 : je ne suis pas automatiquement connecté sur joomla 3.4.5.
La configuration backend de votre extension me semble correcte pour accepter l'autologin.

Lorsque je clique sur le lien de mon serveur via votre module, cela fonctionne.
Je suis connecté automatiquement si mon ticket est déjà valide, ou bien je suis renvoyé vers mon sso puis redirigé avec succès sur joomla.

Auriez-vous une idée s'il vous plait? Une URL sur joomla que je peut appeler pour auto-connecter?
Merci par avance

Dear sir,
I am very appreciate for what you have done. I have implemented your external project, everything is work very well until i have a problem with login joomla.

1. Enter URL of my website
2. Redirect to CAS server, log in.
3. Redirect back to my website without log in Joomla system.
   I do not know if can we log in Joomla system in step 3, like we can get use from JFactory:getUser() after logged CAS server.
   Note: i am a newbie in Joomla, so forgive me if i made mistake and sorry for my bad English.
   Best regard.

I installed plg_system_caslogin-3.1.0.0-rc4 (not the package files) and expected to see some form fields to input the host URL, Port, path to CAS, etc. as you explain here: https://github.com/chdemko/joomla-external-login/wiki/CAS-Login

However, when I open the plugin there is only a blank screen underneath the plugin title. Is the plugin broken? I am using Ubuntu server, but got same result on my local XAMPP install.

I am trying to get this to work with a university CAS, so I don't think I need to install the package (got same SQL errors described by blandman).

Thank you!

Hello,

Since the update of Joomla to version 3.8.10, our users are redirected after a good login to https://our-domain.tld/component/users/profile.html?Itemid=xxx

We did not change anything in the External login and CAS config before the update of Joomla.

We are using the last version of plugin 3.1.2.0 and the problem is still present on our 3 websites.

Thank you for your help,
Steve

Is it possible whem I logout on cas server that is returns to my website ? Everything i click logout it really goes out. But I would like it stays or return to my website. This happens with the automatic login feature turned on.

When I click in External Login package link for download shows me a screen "Page not found" some body have the correct link or file package for this plugin?

I've just installed the plugin on a Joomla 3.5.1 site.
After enabling the plugins and navigating to components->External Login, I get the following SQL error.

Error

Illegal mix of collations (utf8_unicode_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation '=' SQL=SELECT COUNT(*) FROM `#__externallogin_servers` as a LEFT JOIN #__users AS u ON u.id=a.checked_out LEFT JOIN #__extensions AS e ON `e`.`type`='plugin' AND CONCAT_WS('.', `e`.`folder`, `e`.`element`)=`a`.`plugin` WHERE (a.published >= 0)
Illegal mix of collations (utf8_unicode_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation '=' SQL=SELECT a.*,u.name AS editor,e.enabled AS enabled FROM `#__externallogin_servers` as a LEFT JOIN #__users AS u ON u.id=a.checked_out LEFT JOIN #__extensions AS e ON `e`.`type`='plugin' AND CONCAT_WS('.', `e`.`folder`, `e`.`element`)=`a`.`plugin` WHERE (a.published >= 0) ORDER BY a.title asc LIMIT 0, 100
Illegal mix of collations (utf8_unicode_ci,IMPLICIT) and (utf8_general_ci,IMPLICIT) for operation '=' SQL=SELECT COUNT(*) FROM `#__externallogin_servers` as a LEFT JOIN #__users AS u ON u.id=a.checked_out LEFT JOIN #__extensions AS e ON `e`.`type`='plugin' AND CONCAT_WS('.', `e`.`folder`, `e`.`element`)=`a`.`plugin` WHERE (a.published >= 0)

Please advise, Thank you for the plugin.

Hello, I use external login module and plugin successfully in my joomla site to authenticate at a third SSO party and return to the "registered" area of the site, where I have some forms. However, I cannot use any response variables in my forms. For example, I need the surname of the user to populate a relative form field, in the sso system the surname is descibed as "sn". Can you give me a hint as for how I should declare this variable and other variables I need in the Full name xpath field in: Servers Manager: Edit --> Attributes, so I can access them and use the user's data?
I use joomnla 3.8.2.
Thanks for any help.

When I upgraded from 2.0.1 to 2.0.2 (update via Extension Manager: Update) my CAS authentication stopped working. Each time I try and authenticate the error message in Joomla states the following,

"LDAP can not have blank password".

To fix the problem I rolled back to v2.0.1 and the problem went away. So until resolved I will not update to v2.0.2.

Please advise. Thanks.

Hi,
thanks for the job you've done.
My issue is in the title and looks like an other one I've seen.
External login and caslogin are installed and enabled.
Then, I created a new server which use caslogin.
When I try to authenticate, I'm redirected to cas server which do the job (I see ticket granting in logs) but joomla seems to reject it . User isn't authenticated but ticket works for another cassified app,
In the plugin logs I've got this message "Unsuccessful verification of server 1".
In connection tab, I tried to give path but I'm no sure on what shoud be here (and if it must be filled).

Certificate file = name of the certificate or complete path to it (which should be on the next field) .
I tried both ('/etc/pki/tls/certs/certificat.pem' and 'certificat.pem')

Thanks for any advice.
Regards

GD

• joomla 2.5.9
• external login 2.1.1
• caslogin 2.1.1
• cas 3.5.1

While testing this component and developing our own CAS Server (in a legacy MVC.Net project) we didn't have SSL. We disabled SSL in code by changing https to http in caslogin.php, line 617:

return 'https://' . $url . ($port && $port != 443 ? (':' . $port) : '') . ($dir ? ('/' . $dir) : '');

However, it would be helpful during testing to have an "unsafe" flag that disables SSL for a particular CAS Server.

Hi,
I found a trouble when try to acces with username with single quote in it.

I try to access with external cas that hat a lot of usernames with single quote but system cannot use it because an error in cas login.

Can you check this cases please?

Regards

Hello,

I made a fresh install of the RC4 into a French Joomla installation (3.7.5). When i try to enter the "External Login Menu" > "Users" or "Servers" (but not in Log), I get this message
"

Many thanks,

Steve.

Hi Christophe,
editing a server previous saved, all serialized data are not populated in form.
Saving again will overwrite the original data with default data.
This only happens in Joomla 3.7

Hi,

I've installed LemonLdap as a CAS idp. It's works with GRR and test code i've written with the phpcas library.
I try to make the CAS plugin work (2.0.3) with my Joomla site (2.5.7) but I don't manage. Users are redirect to the LemonLdap login, can log on the server (sessions are ok), but when they are redirected to the Joomla site, they aren't logged. No user is created in Joomla's user base and there is no error in apache's log file. Don't know where it comes. My parameters in plugin seem ok in the component.

Can someone help me ?

Since version 4 of CAS, it is possible to specify the language of the portal by passing the value in the URL (https://cas.server.edu/login?locale=fr)
Do you think that it is possible to implement the choice of the portal language in the parameters of the "External Login" component?

Thank you for your help,
Steve.

Good day,

I am facing a problem in using an External Login Plugin with CAS, when I login and enter my credentials it doesn't redirect me to the requested page, it goes to the home page not to the targeted page.

how can I solve this issue?

Please support.

Hi Christophe,

I reported my particular issue over on the Joomla Issue Tracker over here:
https://issues.joomla.org/tracker/joomla-cms/14396

Since it seemed to be more of an issue with the JDatabaseQueryMysqli concatenate() method but I figured I'd share it with you too (it's honestly the first time I've run into a collation issue like this related to using a Joomla extension so it took me a while to figure it out and now I can actually try testing out the CAS functionality).

Hi,

I'm using external login with CAS(it is working with LDAP) and Joomla. I have palced box with external login on landing page. This works perfectly( click login -> redirect to CAS -> login -> redirect to joomla as logged user), but when I want to go to web infrastructure(admin panel), I've got a login page. I've rename a group Super user to group which I get from server. Below my logs:

Auto-update new groups of user "client" with groups (8) on server 1
Auto-update of user "client" with fullname "client" and email "[email protected]" on server 1
Added groups (8) for user "client" on server 1
Found string group(s) "ROLE_P_WOD_client" for user "client" on server 1
Successful detection of groups for user "client" on server 1
Successful login on server 1 for CAS user "client"
Successful analysis of XML response on server 1

Should I change a structure of LDAP groups/users to work with joomla? For example using http://shmanic.com/tools/jmapmyldap/documentation/ver-2-mapping-plugin.htm

Hi Christophe,

This might be possible already (I'm just not really familiar with XPath) but if not I might be able to submit a pull request for this if I implement it myself, but it would be nice if we could disallow certain email domains from being able to login to a Joomla site via the CAS plugin?

In our case we have a specific email domain for students so it would be easiest to just disallow them from being able to login completely on a site that's intended for staff only simply by checking the email domain.

The other potential option for other schools that use the same email domain for staff and students would be to filter by a group but we don't currently do that on our end (though it would be nice to have group names turned into Joomla Groups potentially...I haven't played with the groups features yet in the CAS Plugin).

When I try to add a new server the JS popup is just blank.
Direct URL: joomla/administrator/index.php?option=com_externallogin&view=plugins&tmpl=component

Its a blank joomla 2.5.19 installation without any content.
Both plugins are enabled and published.
I've published the module for the frontend login.

Am I missing something? Thanks for your help.

I'm having trouble getting login redirection working, it keeps redirecting users to the user's profile page in Joomla and which has a Edit Profile button shown on the screen. I do not want users sent to the Joomla profile page they should be redirected to a specific Joomla article but it will not send users there after they log in. . I have the correct login redirection page selected in external login but it does not appear to be working correctly for me.

I have installed the latest external-login v3.1.2.0 on Joomla 3.8.12 and we're using the CAS 3.1.2.0 plugin as well.

Thank you!

Hello Christophe,

We were wondering if you could port your Joomla external login and CAS authentication plugins from version 2.5 to 3.2 so that we can use them in our newest project. The name of the project is ReveladeRevolution, and we need some kind of website software for this. Your software would be very helpful to us if it worked with Joomla 3.2.

~Theintercooler team

As I've been using the newest versions of the plugin to do my CAS Testing the past couple of weeks a particular situation has come up a few times that I've observed and at the moment I'm not sure if it's a bug or not, but at the moment it feels like one (and I've been able to verify it occurring with our commercial CAS server and the custom one I've been building in PHP). Below are the details I've been able to gather (I'll take a closer look at the code to see if I can identify any clues leading to the issue after I finish this writeup).

Scenario 1 (User-initiated login from Joomla External Login Module):
If I go directly to my test Joomla site as normal (e.g. "http://localhost/intranet"), then hit the CAS Login button, I'm redirected to our CAS Server, I log in, and I get redirected back to the Joomla site with everything validated and I get logged in without any problem.

Scenario 2 (CAS Auth Initiated Outside of Joomla)
If instead of initiating the CAS login from the Joomla site, I simply put in the URL to the CAS Server and provide the Joomla site URL as the value for the service like this:

https://cas.example.com/cas/login?service=http%3A%2F%2Flocalhost%2Fintranet%2F&gateway=true

After successfully authenticating, it doesn't log me in properly to Joomla upon redirect, instead it appears to get confused and I can visibly see some issues in the address bar because it ends up showing two tickets there like this:

http://localhost/intranet/?&ticket=ST-5daf489e55234da88af1a4df27289976&ticket=ST-e1a2f109d8da471aa8995a39a93a3550

At this point, if I hit the Login button from the External Login module, it will simply keep on redirecting back to the Joomla site with additional tickets appended to the URL.

From what I've been able to gather so far, the External Login Module initiates a request over to the External Login component so perhaps it is kicking off the SSO process in some way there in the normal Scenario 1, whereas that same process isn't being setup in Scenario 2.

When a user wants to access a URL directly to a page that is behind authentication, he is redirected to the CAS portal. However, after the authentication, the user returns to the site's home page and not to the page from which it was redirected to the CAS portal.
Do you have a method for the user to be redirected to the original page after proper authentication?

Thank you,

Shteevy.

Hi I have a cas server
url: mydomain:8443
path mylogin

I try to login but I got in the logs
Info system-caslogin-autologin 2016-02-17 01:42:50 Autologin failed on server 1
Info system-caslogin-autologin 2016-02-17 01:42:50 Trying autologin on server 1
Info system-caslogin-verify 2016-02-17 01:42:50 Successful verification of server 1

Any idea how to solve that
Thanks

After install the extension. When you try to see component from administrator you get
Illegal mix of collations (utf8_general_ci,IMPLICIT) and (utf8_unicode_ci,IMPLICIT) for operation '='

Hello Christophe,

As you know, I am actively using "External Login" with the "CAS Plugin". I have a problem with the component.
I configured the "Unauthorized Page" redirection to "External Login Component" when a user directly requests a menu link that is only accessible to registered users. Now, when I call a page reserved for registered users, I am redirected successfully to the component but when I log in after choosing the server in the drop-down list, I am not redirected to the page initially requested. Has the component been adapted for this behavior or just the connection module?

Thank you in advance for your help,
Steve

This could be related to the other issue I reported a few minutes ago but I'm noticing that after adding in a CAS server entry I'm not really able to edit it afterward.

If I click on the existing entry, on the next page the form shows up as if I'm creating a new entry so I'm not able to change the settings (I noticed one isn't correctly set and wanted to update it).

I'll try and take a closer look in more detail in my debugger and see if I can figure out what's happening and provide more info here if it's an actual issue.

Bonjour,

Je n'arrive pas à me logger sur le serveur cas j'ai cette erreur récurente
"0 Contrôleur invalide : user"
. J'ai activer l'auto login.

Help me please!!

Hello Christophe,

The new redirection system is very nice. But i have little problem.

When a user directly loads the address of a specific page of the site, he is redirected because of the "Login redirection" option.

What I would like to do is simply redirect users who connect from the home page to a specific menu link. When the user has entered a direct address to a page, it should continue to be redirected to that page after authentication.

Is it possible ?
Many thanks for your help,

Steve.

Hi,
This is a very nice work. Our school using CAS as CAS authentication,but we already have joomla 3.x website. We find that externallogin doesn't work, plz tell me what to do. Or I'm looking forward you can update this plg.

Hello, i'm trying to update RC1 to RC2 but I got this message ->

Steve.

The protocol examplifies the xml response with the xml prefix cas but xml doesn't require a specific prefix - only proper namespaces. When our CAS Server responds with the xml in the default namespace instead, caslogin.php doesn't find authenticationSuccess.

The fix is to add this row to caslogin.php, line 244, right after $xpath = new DOMXPath($dom);:

$xpath->registerNamespace('cas', 'http://www.yale.edu/tp/cas');

Hello. We use a lot your Joomla Extension but we issue a problem. The are migrating to Joomla 3.0 and the extension became imcompatible. Are you planning to publish a new version ? Using External Login with Cas Login . We are a public organization.

After upgrading the External Login Package and CAS Login Plugin from 3.1.1.0-rc3 to 3.1.2.2, I can no longer login to the front-end or back-end via CAS. Here is the error I receive:

Error
Login ist not activated for this user

This occurs on Joomla! 3.9.1. Here is the system information:

Thanks,
Eddie

Hello Christophe,

When a single CAS Server is configured and a non-connected user loads a page that require authentication, the user have to "Choose Server".
Do you think it's possible to show only a "connexion buton" when only one server is configured ?

Many thanks for your help,
Steve.

I think on new versions of the CAS server the url parameter of logout redirect should be 'service' and not 'url'. See https://jasig.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html#logout

"Note: The url parameter defined in the former CAS 2.0 specification is not a valid parameter in CAS 3.0 anymore. CAS Servers MUST ignore given url parameters."

Dear Christophe,

I install joomla-external-login and CAS Login into my joomla system.
I got the error [Curl error: error setting certificate verify locations].
Could you please help me solve the issue?
The following is the steps I found the error:

• After login CAS server successfully, user could not login into joomla.
• So I checked log in table [externallogin_logs] and found message "Unsuccessful verification of server 1".
• I tried to read code and found that there was error when performing [Verify the service] in file caslogin.php (line 226 -234)
• I trace error by the following code:
  if(curl_errno($curl)){
  echo 'Curl error: ' . curl_error($curl);
  }

ERROR FOUND: Curl error: error setting certificate verify locations: CAfile: cas_server.crt CApath: E:\cashttps://localhost:8443/cas/serviceValidate?ticket=........

Could you please guide me how to configure path for the Certification file?
Thank you so much for your work and your help.

The connection was configured as in the following picture:

Bonjour,

Comment récupérer les attributs qui dans ce type de schéma

<property








</property

Pour le user pas de souci mais pour les autres je ne vois pas

pouvez-vous m'aider?

merci

When using the attribute groupof as groups field, i receive a value in ldap dn format:

cas:memberofcn=group1,ou=division,dc=domain,dc=com/cas:memberof

I've tried to parse the string to use only the cn value with xpath using substring-after and substring-before funtions, but only works when there are only one group. With several groups i havent found a way to do it with xpath (at least with xpath 1.0):

cas:memberofcn=group1,ou=division,dc=domain,dc=com/cas:memberof
cas:memberofcn=group2,ou=division,dc=domain,dc=com/cas:memberof

Do you know a way to do it, or its possible to add a function to do it in the module?

thanks

Hi! It seems that there is an issue with the logging since Joomla 3.8 moved the Logger to the libraries/src folder and added namespace usage for it.

We currently avoid this behaviour on Joomla 3.8 by deactivating the logging.

Regards
Peter

Hi Christophe,

Could you add in an option to switch between v2 and v3 CAS URLs please when configuring a CAS server?

I was testing out this PHP CAS Server here:
https://github.com/leo108/php_cas_server

And the way he's implemented things seems like it might be following the protocol more specifically (he doesn't return that extra cas:attributes section in the response when I tested your plugin against it).

The standard seems to show that the only difference in the URIs is a /p3/ prefix added before the serviceValidate part.

I ran a small test by making a quick change into the CAS System Plugin here (line 238 or so):

curl_setopt($curl, CURLOPT_URL, $this->getUrl($params) . '/p3/serviceValidate?ticket=' . $ticket . '&service=' . urlencode($uri));

And during the next login attempt that CAS Server then returned the cas:attributes section automatically.

CAS URIs Reference:
https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html#2-cas-uris
https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html#28-p3servicevalidate-cas-30

I guess on the server implementation the builders can be strict and not return the CAS Attributes section as in the case above (the other product we've been using internally has been a CAS Server based off of the WSO2 product, which must be less strict and still returns the CAS attributes even though we're technically using the v2 protocol).

I still need to try out your other update from yesterday so hopefully I can get to that in a bit here.

Hi. First of all, nice work on maintaining this component.

I do think there is a small bug with blocked/incorrect/unknown redirection. I've tried to create a invisible menu link with External URLs (actually they are internal .html files). When the the plugin blocks the user, the redirection just appends the path, like: http://www.site.com/index.php?/mypath/file_html&Itemid=414, insted of respecting the behavior of the External URL menu type.