
sso-server's Introduction

Single Sign On (SSO) Server

Do you need a PHP login system that rocks? Well, you found it.

This is Barebones SSO Server. An awesome, scalable, secure, flexible login system.

Example SSO server login screen


Features

  • Cross-domain and cross-server capable. The SSO server can reside on its own domain and host.
  • Massively scalable architecture. Scale out to as many boxes/virtuals as you have available.
  • Resilient architecture. Authenticated users can continue to work even if the server becomes unavailable.
  • Resource friendly. Small memory footprint.
  • Enables partial to complete compliance with various bodies of rules and laws including HIPAA, GDPR, PCI. Work in progress to achieve complete compliance.
  • Integrates with a variety of backend databases via CSDB.
  • And much, much more. See the full feature list.
  • Also has a liberal open source license. MIT or LGPL, your choice.
  • Designed for relatively painless integration into your project.
  • Sits on GitHub for all of that pull request and issue tracker goodness to easily submit changes and ideas respectively.

SSO Clients

Getting Started

The fastest way to get started without reading a lot of documentation is to download or 'git pull' the server from this repository and an SSO client from the list above, and then follow along with the four-part video tutorial series:

SSO server/client tutorial series

And use the installation documentation as necessary.

According to users of this software, it takes about 3 hours to get a functional SSO server/client setup for the first time. Building an equivalent system from scratch would take approximately six months for a team of several people, have less flexibility, and probably have multiple security vulnerabilities.

Related Projects

More Information

sso-server's People

Contributors

cubiclesoft avatar


sso-server's Issues

installation problem (php version)

When I installed the server and client, I tested it on "test_flat.php", and the result shows "Unable to obtain SSO server login access. Error: Unable to decode response data from the server". Is the problem that mcrypt_module_open is missing in my PHP?

By the way, the version of my PHP is 5.3.3. Is it necessary to upgrade to 5.4?

thanks

After installing I got this error...

Parse error: syntax error, unexpected ':' in /homepages/25/d724446980/htdocs/sso/admin_40AhGwRS88KYT32dIDuacvKK7jM42oZ4/admin_hook.php on line 4

I'm using php 7.2

NetDns2 Library is missing file Header.php

File Header.php is missing from /support/Net/DNS2

As per https://github.com/mikepultz/netdns2/tree/master/Net/DNS2 you can see the file Header.php is meant to be included. This breaks the sign-up process (and possibly other issues).

The fix: file .gitignore is ignoring header.php files everywhere - but this needs to be only in the root.

Comparing with the current version of NetDns2, I can see the files cdnskey.php, csync.php and openpgpkey.php are missing from /support/Net/DNS2/RR but this may just be a different version.

So, I think the .gitignore needs to be:
/admin_hook.php
/config.php
/header.php
/footer.php
/index__.php
/settings.php
/support/_.mmdb

Thanks for the great work :)

Security Issue - Generic Login - Native PHP Bcrypt hashing

Using Generic Login with Native PHP Bcrypt hashing and a combined length of a username and email address that totals 37 or more characters, I am able to log in with any password I choose.

This is because PHP truncates the password to a max of 72 characters.

https://www.php.net/manual/en/function.password-hash.php

Using the PASSWORD_BCRYPT as the algorithm, will result in the password parameter being truncated to a maximum length of 72 bytes.

from index.php in sso_login, the password is created from a combination of 4 elements

$data = $username . ":" . $email . ":" . $salt . ":" . $phrase;
$passwordinfo = self::HashPasswordInfo($data, $sso_settings["sso_login"]["password_mode"], $sso_settings["sso_login"]["password_minrounds"]);

So, if I have

username: very_long_username
email: [email protected]
salt: vyZFOrJvunsk3ofUhDSsKQAuXYSULvKM
password: chutnee stereographes ruddiest mesnalties

the password hash is created from:
very_long_username:[email protected]:vyZFOrJvunsk3ofUhDSsKQAuXYSULvKM:chutnee stereographes ruddiest mesnalties

When truncated to the PHP max of 72 characters, you get:
very_long_username:[email protected]:vyZFOrJvunsk3ofUhDSsKQAuX

which does not include the full salt and does not include any of the password, thus allowing me to login using any password I choose.

This issue does not appear to be present when using Blowfish::Hash().
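As an added illustration of the truncation this report describes (example code written for this page, not sso-server's code and not the reporter's), the script below rebuilds the issue's username:email:salt:phrase composition with constructed values, shows that the phrase lies past the 72-byte boundary, and contrasts the vulnerable shape with a fixed-length pre-hash. The email address, the compose() and prehash() helpers and the cost value are assumptions.

```php
<?php
// Added example, not sso-server code: the 72-byte bcrypt limit from the issue
// and a fixed-length pre-hash that avoids it. Requires PHP >= 7.0.

// Constructed values modelled on the report (the report's address was redacted).
$username = 'very_long_username';
$email    = 'some.very.long.address@example.com';
$salt     = 'vyZFOrJvunsk3ofUhDSsKQAuXYSULvKM';

// The composition quoted in the issue: username:email:salt:phrase.
function compose(string $username, string $email, string $salt, string $phrase): string
{
    return $username . ':' . $email . ':' . $salt . ':' . $phrase;
}

$real  = compose($username, $email, $salt, 'chutnee stereographes ruddiest mesnalties');
$wrong = compose($username, $email, $salt, 'anything else at all');

// Everything before the phrase already exceeds 72 bytes, so the first 72 bytes
// of both strings are identical and the phrase never reaches bcrypt.
printf("bytes before the phrase: %d\n", strlen(compose($username, $email, $salt, '')));
var_dump(substr($real, 0, 72) === substr($wrong, 0, 72));

// Vulnerable shape: feed the long string straight into bcrypt.
$hash = password_hash($real, PASSWORD_BCRYPT, ['cost' => 10]);
// On PHP builds that silently truncate (the behaviour the issue reports) the
// wrong phrase verifies, because only the shared 72-byte prefix was hashed.
var_dump(password_verify($wrong, $hash));

// Hardened shape: collapse the input to a 64-character hex digest first, so every
// byte of username, email, salt and phrase influences the bcrypt input and the
// input is always shorter than 72 bytes. Hex rather than raw digest bytes avoids
// NUL bytes, which bcrypt also treats as a terminator.
function prehash(string $data): string
{
    return hash('sha256', $data);
}

$hash2 = password_hash(prehash($real), PASSWORD_BCRYPT, ['cost' => 10]);
var_dump(password_verify(prehash($real), $hash2));
var_dump(password_verify(prehash($wrong), $hash2));
```

The pre-hash has to be applied identically at verification time, and existing hashes created from the raw composition cannot be converted in place; they would need re-hashing at the user's next successful login. A keyed digest (hash_hmac with a server-side secret) works the same way if a pepper is wanted.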

Problem on creating account

Thank you again for your great work!

I think I have correctly configured the system but I get this error when I try to create a user in Generic Login : Invalid e-mail address. Invalid domain name. Internal exception occurred.

Please could you help me?

Issues raised by static analysis

Using PhpStan at level zero raises issues like those included below. Most look like simple oversights that have crept in over time. These results demonstrate the benefits of setting up static analysis, so I'll detail how you could add that to the package.


 ------ ---------------------------------------------------------------------
  Line   endpoint.php
 ------ ---------------------------------------------------------------------
  129    Function SSO_Translate not found.
 ------ ---------------------------------------------------------------------

 ------ ----------------------------------
  Line   providers\sso_facebook\index.php
 ------ ----------------------------------
  303    Undefined variable: $name
  380    Undefined variable: $item
  380    Undefined variable: $item
 ------ ----------------------------------

 ------ ------------------------------------------------------------
  Line   providers\sso_login\index.php
 ------ ------------------------------------------------------------
  786    Access to an undefined property sso_login::$activemodules.
  818    Access to an undefined property sso_login::$activemodules.
  1045   Access to an undefined property sso_login::$activemodules.
  1671   Access to an undefined property sso_login::$activemodules.
  1690   Access to an undefined property sso_login::$activemodules.
  1758   Access to an undefined property sso_login::$activemodules.
  1776   Access to an undefined property sso_login::$activemodules.
  2302   Undefined variable: $updateinfo
 ------ ------------------------------------------------------------

 ------ -------------------------------------------------------------------------------------
  Line   providers\sso_login\modules\sso_remember_me.php
 ------ -------------------------------------------------------------------------------------
  268    Static method sso_login::HashPasswordInfo() invoked with 1 parameter, 3-4 required.
  310    Access to an undefined property sso_login_module_sso_remember_me::$activemodules.
 ------ -------------------------------------------------------------------------------------

 ------ ------------------------------------------------------
  Line   support\Net\DNS2.php
 ------ ------------------------------------------------------
  3028   Call to an undefined method Net_DNS2_RR::preBuild().
  7961   Undefined variable: $errno
  7962   Undefined variable: $errstr
 ------ ------------------------------------------------------

 ------ --------------------------------------
  Line   support\emulate_curl.php
 ------ --------------------------------------
  446    Undefined variable: $curl_error__map
  456    Undefined variable: $resource
  647    Undefined variable: $cert
 ------ --------------------------------------

 ------ ---------------------------------------------------------------------
  Line   support\phpqrcode.php
 ------ ---------------------------------------------------------------------
  208    Access to an undefined static property QRtools::$frames.
  606    Class qrstr referenced with incorrect case: QRstr.
  717    Class qrstr referenced with incorrect case: QRstr.
  745    Class qrstr referenced with incorrect case: QRstr.
  746    Class qrstr referenced with incorrect case: QRstr.
  747    Class qrstr referenced with incorrect case: QRstr.
  751    Class qrstr referenced with incorrect case: QRstr.
  752    Class qrstr referenced with incorrect case: QRstr.
  1162   Instantiated class QRbitrtream not found.
  1220   Static call to instance method QRinput::estimateBitsModeKanji().
  2126   Undefined variable: $run
  2940   Undefined variable: $ret
 ------ ---------------------------------------------------------------------

 ------ ---------------------------------------------------------------------
  Line   support\phpseclib\Base.php
 ------ ---------------------------------------------------------------------
  136    Access to an undefined property Crypt_Base::$key_length.
  172    Access to an undefined property Crypt_Base::$key_length.
  172    Access to an undefined property Crypt_Base::$key_length.
  180    Instantiated class Crypt_Hash not found.
  203    Instantiated class Crypt_Hash not found.
  547    Access to an undefined property Crypt_Base::$buffer.
  1136   Access to an undefined property Crypt_Base::$key_length.
  1136   Access to an undefined property Crypt_Base::$key_length.
  1533   Undefined variable: $func
 ------ ---------------------------------------------------------------------

 ------ ------------------------------------------------------------
  Line   support\phpseclib\Rijndael.php
 ------ ------------------------------------------------------------
  48     Access to an undefined property Crypt_Rijndael::$key_size.
  51     Access to an undefined property Crypt_Rijndael::$key_size.
  54     Access to an undefined property Crypt_Rijndael::$key_size.
  57     Access to an undefined property Crypt_Rijndael::$key_size.
  60     Access to an undefined property Crypt_Rijndael::$key_size.
 ------ ------------------------------------------------------------

 ------ -----------------------------------------------------
  Line   support\pop3.php
 ------ -----------------------------------------------------
  12     Access to an undefined property POP3::$messagelist.
 ------ -----------------------------------------------------

 ------ -----------------------------------------------------------
  Line   support\smtp.php
 ------ -----------------------------------------------------------
  658    Undefined variable: $lastchar
  663    Undefined variable: $lastchar
  669    Undefined variable: $lastchar
  725    Undefined variable: $lastchar
  989    Call to an undefined static method SMTP::SMTPTranslate().
  990    Call to an undefined static method SMTP::SMTPTranslate().
  1104   Call to an undefined static method SMTP::SMTPTranslate().
  1120   Call to an undefined static method SMTP::SMTPTranslate().
  1121   Call to an undefined static method SMTP::SMTPTranslate().
 ------ -----------------------------------------------------------

Importing credentials from client application

Hi
First of all, great product!

I am trying to import users from an existing application. I have two issues and a question as well.

  1. I get an error with my field mapping....
    $mapinfo = array(first_name => $row["sFirst_Name"],
    last_name => $row["sLast_Name"],);
    PHP Warning: Use of undefined constant first_name - assumed 'first_name' (this will throw an Error in a future version of PHP)

Then, I do not pick up the Blowfish class.
I added a reference to it but still get an error.

PHP Fatal error: Uncaught Error: Class 'Blowfish' not found in.....

Then my question...
I am bringing the password from the client app in as is. In other words it is encrypted with whatever encryption method the developer used. Is that fine as I see further encryption is being applied. Or must I bring the password in as cleartext?
Thank you
Deon

SignUp by phone number

Hi,

I like your project and it is interesting to start using it. Is it possible to add the possibility to configure the SignUp functionality such as:

  • User can sign up by phone number (without email), with confirmation of phone number ownership (validation code).
    or as an alternative
  • User can sign up by email (what you have currently)

And SignIn also wants to be more flexible:

  • User can sign in via email (existing)
  • User can sign in via username (existing)
  • User can sign in via phone number (not yet)

Waiting on your response, thank you!

session cookie

After setting up SSO server, following steps in video, generic login any visit to the root of sso installation displays: "Session ID expected. Most likely causes: Pressing the back button, clicking a URL that launched a new web browser, using a non-official client, or a bad or incorrectly configured web proxy. If you clicked a URL in an e-mail, it opened a new web browser, and you got this error, then try this solution: Copy the URL and paste it into the address bar of the other web browser. Sorry for the inconvenience, but this behavior helps keep your account secure from hackers."

Also, occasionally, "Invalid session ID specified." with no session ID specified (I added a dump to the code to see if it was bad data or no data vs. the condition to display the message).

a cookie is shown in the header that contains nothing:
sso_server_id=(nada)

no errors in access log or otherwise.

help?

Own language

I've seen BBCodeTranslation in the code.
How can I translate the scripts?
I didn't find anything in the docs.
Please help, thanks

Best regards,
Felix Schmitt

Duplicate users

The first user(ID 1) has been signed up via generic login
The second user (ID 6) has been signed up via Google Provider, it looks like duplicated users. Have You any ideas or maybe You know any way to find the solution?

Not able to move SSO easily

So, going through the process of migrating a dev copy to another server for deployment, changing configs, all that, I get an error when attempting to access the system.

Unable to obtain SSO server login access. Error: Unable to decode response data from the server.

I've looked in the functions, and found where it references this error.
Please advise

OAuth2 System

I have some questions....
Can i build a OAuth2 Server Like Google, Facebook?
With edit-profile, profile-picture and Developer-Site?
And Redirect url from server back to site is?

Please Answer

Felix Schmitt

Unable to log into forums

I know this isn't the place to log this, but I can't register with the forums to log it there! It looks like it's still trying to add an aim field to the DB at http://barebonescms.com/forums/member.php?action=register&from_sso_server=1

SQL Error:
1054 - Unknown column 'aim' in 'field list'
Query:
INSERT INTO mybb_users (`username`,`password`,`salt`,`loginkey`,`email`,`postnum`,`threadnum`,`avatar`,`avatartype`,`usergroup`,`additionalgroups`,`displaygroup`,`usertitle`,`regdate`,`lastactive`,`lastvisit`,`website`,`icq`,`aim`,`skype`,`google`,`birthday`,`birthdayprivacy`,`signature`,`allownotices`,`hideemail`,`subscriptionmethod`,`invisible`,`receivepms`,`pmnotice`,`pmnotify`,`threadmode`,`showimages`,`showvideos`,`showsigs`,`showavatars`,`showquickreply`,`showredirect`,`sourceeditor`,`ppp`,`tpp`,`daysprune`,`dateformat`,`timeformat`,`timezone`,`dst`,`dstcorrection`,`buddylist`,`ignorelist`,`style`,`away`,`awaydate`,`returndate`,`awayreason`,`pmfolders`,`notepad`,`referrer`,`referrals`,`reputation`,`regip`,`lastip`,`language`,`timeonline`,`showcodebuttons`,`totalpms`,`unreadpms`,`warningpoints`,`moderateposts`,`moderationtime`,`suspendposting`,`suspensiontime`,`coppauser`,`classicpostbit`,`receivefrombuddy`,`suspendsignature`,`suspendsigtime`,`loginattempts`,`usernotes`) VALUES ('Cxxxxx xxxxxn','-','ZzHEL2','7BuGsEkuRyxxxxxvKxzJq9UseXDN12GdxOzL7','[email protected]','0','0','','',2,'',0,'',1593093102,1593093102,'',0,'','','','','none','',1,1,0,1,1,1,1,'linear',1,1,1,1,1,1,0,0,0,0,0,0,'-7',0,0,'','',0,0,0,0,'','','',0,0,0,X'838',X'','',0,1,0,0,0,0,0,0,0,0,0,0,0,0,1,'')

access_token=?

I'm not sure where I can get the access_token parameter from? I'm trying to connect the SSO generic login portion to Kanboard, however it always comes up as 'external authentication failed' I feel like the reason is because on my User section, I do not have the access_token parameter listed, but I have no idea where to even go to get the access_token parameter at in the admin panel on the sso server. Can you help me?

Thank you!!

Admin Panel Not Working

Hello,
I had this issue a second time.... Please Help:

I have uploaded the script to the server.
I installed it step by step.
Then the Admin Panel works.
After a short time, when I reload the site, I get a white screen.
But the API is working. I have had this problem for the last 24 h, always!
After every new installation!

I hosted the script on a Plesk Windows server, and have all permissions.

Please help me, everyone!
With best regards,
Felix Schmitt

(P.S. Sorry for my English, I come from Germany)

Own Form design.

THIS IS NOT A ISSUE

I've a Question,
I will design my own form; I have designed the form page, but I don't know how to design the form elements.

I have read all files of this script, but I found nothing.

Sorry for my english.

With best regards,
Felix Schmitt

Login

When I register my own user and verify, I can't log in. I get the message "Your account has insufficient permissions to access that resource." but cookies are dropped

Verification/recovery via emails incorporating a hyperlink

Corporate filtering is preventing many users from seeing their verification/recovery emails. Unfortunately, this is just the way it is - and it's getting worse - companies just can't risk another phishing/crypto attack. Even as our outgoing mail server complies with security/trustworthiness features, these emails are still getting blocked.

I think an option needs to be enabled for email verification/recovery via a simple 6-8 digit code sent via email, then entered/pasted by the user into a form.

Please let me know what you think, if I'm missing something already integrated, and/or how I can help.

Thank you.

sso-server combine with ldap

Can you provide some tutorial or documents about combining with LDAP? Thanks.
By the way, when I click enable on LDAP, it shows "The ldap_connect() function does not exist. LDAP won't work until the LDAP PHP extension is enabled."

Redirect Loop

When I use the Cloudflare proxy with SSL protection on Cloudflare, at install of sso-server the "Over SSL" option in the requirements check is "red" (NO), but the web site is loading over SSL.

I think we need to add an additional check for HTTP_X_FORWARDED_PROTO to the function BB_IsSSLRequest():
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
    $_SERVER['HTTPS'] = 'on';
}
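A trusted-proxy-aware version of that check, added here as an example (not sso-server code and not the reporter's patch): it honours X-Forwarded-Proto only when REMOTE_ADDR falls inside a configured proxy range, because otherwise any client connecting directly can send the header and make a plain-HTTP request pass an HTTPS-only check. The function names, the CIDR range and the two request arrays are constructed placeholders.

```php
<?php
// Added example, not sso-server code: detect HTTPS behind a reverse proxy
// without trusting X-Forwarded-Proto from arbitrary clients. Requires PHP >= 7.1.

// Minimal IPv4 CIDR match (assumed helper; extend for IPv6 if your proxy uses it).
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$subnet, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong = ip2long($ip);
    $subnetLong = ip2long($subnet);
    if ($ipLong === false || $subnetLong === false) {
        return false;
    }
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : ((-1 << (32 - $bits)) & 0xFFFFFFFF);
    return ($ipLong & $mask) === ($subnetLong & $mask);
}

// $server is $_SERVER (passed in so the function can be exercised with constructed
// requests); $trustedProxies is the deployer's list of proxy ranges.
function request_is_https(array $server, array $trustedProxies): bool
{
    // TLS terminated by this web server itself.
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }

    // Forwarded scheme: trust it only when the immediate peer is a known proxy.
    $peer = $server['REMOTE_ADDR'] ?? '';
    foreach ($trustedProxies as $cidr) {
        if (ip_in_cidr($peer, $cidr)) {
            // If several proxies appended values, the first is the client's scheme.
            $header = $server['HTTP_X_FORWARDED_PROTO'] ?? '';
            $proto = strtolower(trim(explode(',', $header)[0]));
            return $proto === 'https';
        }
    }
    return false;
}

// Constructed requests for illustration. Replace the range with the real
// published ranges of the proxy in front of the server.
$trusted  = ['203.0.113.0/24'];
$viaProxy = ['REMOTE_ADDR' => '203.0.113.7',  'HTTP_X_FORWARDED_PROTO' => 'https'];
$spoofed  = ['REMOTE_ADDR' => '198.51.100.9', 'HTTP_X_FORWARDED_PROTO' => 'https'];
var_dump(request_is_https($viaProxy, $trusted));
var_dump(request_is_https($spoofed, $trusted));
```

The first request carries the header from a peer inside the trusted range and is treated as HTTPS; the second carries the same header from an untrusted peer and is not. Without the peer check the two would be indistinguishable, which is why a bare `$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'` test is only safe when the web server is reachable exclusively through the proxy.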

Miscellaneous fixes

A few quick fixes.

  1. index.php line 150:
    'non-offical' should be 'non-official'.

  2. sso_remember_me.php starting at line 310:
    Replace $this->activemodules with $activemodules as it is just a local variable.

  3. index.php line 185 - add field $activemodules:
    protected array $activemodules = [];

Incorporating PhpDoc would mean adding two lines:

/** @var array<string, string> */
protected array $activemodules = [];

Will you accept pull requests for these sorts of changes?

Facebook auth

Hi
Auth by Facebook doesn't work :(
I added the callback URL for my Facebook application, but SSO Server sets 'redirect_url' as a URL with GET params like 'state', 'sso_provider', 'sso_facebook_action', etc...
Facebook does not support a callback URL with GET params and says that the redirect URL is not in the 'white list'.

Facebook API v2.2
URL generated by SSO Server:
https://www.facebook.com/v2.2/dialog/oauth?client_id=[app_id]&redirect_uri=[url]%2F%3Fsso_provider%3Dsso_facebook%26sso_facebook_action%3Dsignin&state=iqVTI8msHFSYgtIovR6HLhmmYUnQewC0&scope=email
In the Facebook application I added [url] to the white list

SSL Error

Hi I followed the youtube video and I got the following error even though my local setup is correct.
OS: OSX using Valet

Screen Shot 2022-11-28 at 4 19 00 PM

Screen Shot 2022-11-28 at 4 18 18 PM

Admin Panel after a short time not Working

Hello,
I have uploaded the script to the server.
I installed it step by step.
Then the Admin Panel works.
After a short time, when I reload the site, I get a white screen.
But the API is working. I have had this problem for the last 24 h, always!
After every new installation!

I hosted the script on a Plesk Windows server, and have all permissions.

Please help me, everyone!
With best regards,
Felix Schmitt

(P.S. Sorry for my English, I come from Germany)

'New session ID expected.' error

We've started seeing the 'New session ID expected. Most likely cause: Cookies are disabled or bad provider.' error when logging in via mobile devices.

Is this due to Chrome disabling third-party cookies (https://www.cookiebot.com/en/google-third-party-cookies/) and SetCookieFixDomain being called without a value for the domain parameter (and hence the cookie not having a domain specified)?

Would it be relevant to incorporate SameSite=Lax on the cookie?
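As an added example of the cookie attributes the question raises (written for this page, not sso-server's SetCookieFixDomain and not the reporter's code), the snippet below issues a session cookie through the options-array form of setcookie() with an explicit Domain, Secure, HttpOnly and SameSite. The cookie name, the domain and the helper name are placeholders.

```php
<?php
// Added example, not sso-server code: a session cookie with explicit attributes.
// The options-array form of setcookie() requires PHP >= 7.3.

// Builds the attribute set; $crossSite says whether the cookie must be sent on
// requests initiated from other sites (e.g. a cross-site POST back to the server).
function build_session_cookie_options(string $domain, bool $crossSite): array
{
    $options = [
        'expires'  => 0,        // session cookie, discarded when the browser closes
        'path'     => '/',
        'domain'   => $domain,  // placeholder; without it the cookie is host-only
        'secure'   => true,     // never sent over plain HTTP
        'httponly' => true,     // not readable by page scripts
    ];

    // Lax is the safe default for a first-party login flow: the cookie still
    // accompanies top-level GET navigations (the redirect back from a provider)
    // but not cross-site POSTs or embedded requests. A flow that needs the cookie
    // on cross-site requests must use None, which browsers accept only together
    // with Secure; Strict would also drop it on the provider redirect.
    $options['samesite'] = $crossSite ? 'None' : 'Lax';
    return $options;
}

// Constructed illustration: a random session identifier on a placeholder domain.
$sessionId = bin2hex(random_bytes(32));
setcookie('sso_server_id', $sessionId, build_session_cookie_options('sso.example.com', false));
```

Whether Lax is sufficient depends on how the provider redirect arrives: a top-level GET carries a Lax cookie, a cross-site form POST does not, which is the case where a missing or unsuitable SameSite value shows up as a "new session ID expected" style failure on browsers that now default to Lax.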
