Difference between revisions of "Remote Authentication"
Line 5: | Line 5: | ||
To enable Remote Authentication: | To enable Remote Authentication: | ||
− | + | #Set $_CONF['remoteauthentication'] = true; in config.php | |
− | + | #Set $_CONF['usersubmission'] = 0; in config.php | |
− | + | #Install one or more Authentication classes in /path/to/geeklog/system/classes/authentication (Geeklog ships with a class for Blogger.com and one for LiveJournal.com) | |
With Remote Authentication enabled, the user is presented with a select box on the login screen to choose the login service. This will default to your site, but allow them to choose an external service. Users are authenticated via their remote username and password, and if they pass authentication a ''local'' account is created on your geeklog site that is slaved to that remote account. These local slave accounts can be banned, have special permissions etc just like any regular site user. The account creation process is the same as for local accounts, so all custom functions and plugin notifications are carried out as normal. | With Remote Authentication enabled, the user is presented with a select box on the login screen to choose the login service. This will default to your site, but allow them to choose an external service. Users are authenticated via their remote username and password, and if they pass authentication a ''local'' account is created on your geeklog site that is slaved to that remote account. These local slave accounts can be banned, have special permissions etc just like any regular site user. The account creation process is the same as for local accounts, so all custom functions and plugin notifications are carried out as normal. |
Revision as of 09:35, 12 June 2005
New in geeklog 1.3.12 is the Remote Authentication system. With Remote Authentication enabled, users can login to your site via any authorised external service and act as a regular user.
This allows you to disable anonymous comments and make it easier for people to comment (they don't have to sign up on yet another site (yours) they can use a pre-existing central account to make comments).
To enable Remote Authentication:
- Set $_CONF['remoteauthentication'] = true; in config.php
- Set $_CONF['usersubmission'] = 0; in config.php
- Install one or more Authentication classes in /path/to/geeklog/system/classes/authentication (Geeklog ships with a class for Blogger.com and one for LiveJournal.com)
With Remote Authentication enabled, the user is presented with a select box on the login screen to choose the login service. This will default to your site, but allow them to choose an external service. Users are authenticated via their remote username and password, and if they pass authentication a local account is created on your geeklog site that is slaved to that remote account. These local slave accounts can be banned, have special permissions etc just like any regular site user. The account creation process is the same as for local accounts, so all custom functions and plugin notifications are carried out as normal.
In addition, the user is added to the group 'Remote Users' allowing you to automaticaly grant/deny specific permissions to all remote users.
Unique Usernames
When a new account is created, the local username for that account is set to the remote username. However, if there is already a user in the system with the same username a call is made to custom_uniqueRemoteUsername passing in their remote username and the name of the service used to validate the user. This allows the admin to supply a custom function to ensure unique usernames for all users.
It is not necessary to have unique usernames. This does not break the security of a local user or remote users login, as the full remote username and service are stored locally to avoid collision and internally users are identified by a unique number. However, if you want to ensure it is clear who has posted a comment or article by the name displayed, this function allows you to ensure uniqueness.
Disabling Services
To disable a specific service, simply remove the (servicename).auth.class.php file from /path/to/geeklog/system/classes/authentication and that remote service will no longer be available to your users.
Adding Services
Currently authentication modules for LiveJournal and Blogger are available. If you wish to add further services you will have to write custom modules to do so. This can be done by creating a php file named ServiceName.auth.class.php which declares a class called ServiceName with a method called authenticate. Authenticate takes username and password as arguments and should return a boolean. The class should expose an 'email' property and attempt to provide the users valid email address if this can be aquired from the remote server.