I am achieved the login functionality through REST API provided by sugarCRM ,
http://<url>/service/v2/rest.php?method=login&input_type=JSON&response_type=JSON&rest_data={"user_auth":{"user_name":"Vsree","password":"0141ffbe5e8d1cbaaeee96b3ca49cc49"}}
also updated the login response from
service\core\SugarWebServiceImpl.php
i am updated the response and its working fine . but it is a suiteCRM core module , i want to extend the login functionality with out affecting core modules, So how can i extend the modules inside suircrm .How can i achieve this
In order to change the login you need to create a custom version of the modules that the login process uses in the custom/modules directory.
The authentication is handled by the users module. You could create your own type of authentication by copying one from modules/Users/authentication/
and pasting it in custom/modules/Users/authentication/.
This will give you a means to extend or to create your own authentication method.
You may wish to simply copy the SugarAuthenticate. Then you can create a custom version of it.
Related
I have added few custom attributes for my org's requirement to registration field. Have customized the theme and added validation as per the documentation. It works fine. I could add these attributes to account management page also by modifying the account template.
However, I want to add capability to edit these custom attributes under account management as well as custom validation logic for this edit action. I can't get any reference to the documentation.
Would appreciate any help. I am using Keycloak 12.0.2 on RHEL 7.9 OS with Java 11.
I know three options for this.
You can overwrite your Keycloak source code according to your needs but i did not suggest that because of if you update source code , Using new version of keycloak will be harder.
You can relocated your custom validations on your modifying the account template.
You can write completely new interface ,which is not using directly keycloak, and you can write new backend which is using admin rest api on keycloak.By the way you can find adaptors for keycloak admin api's for different languages(For Js : keycloak-admin)
I am answering it after long time, but newer version of Keycloak from 14.0 onwards, they have something called declarative user profile which can be enabled to have custom attributes. It allows to define custom attributes from admin console. One can configure permissions for admin and the user, additionally one can configure to use inbuilt basic validators. Keycloak renders registration form and update profile form dynamically based on these attributes. However, as far as I know, as of version 18.0.2, you still need to modify account template for allowing custom attributes visible and modifiable from account management. Same validators works with just modification of template, you need not do anything in code. I am referring to Keycloak WildFly distribution, which is rechristened as legacy distribution now.
Here are the links the same -
Github User Profile
Redhat issue or umbrella task for related work
Keycloak documentation - Defining User Profile
A customer of ours has just purchased CQ5 and would like to externalize all of its security. We'd like to use an STS server for SSO and then leverage a custom authorization/attribute provider instead of the CQ5 repository. Ultimately, we do not want to use LDAP in any way.
Here is how we envision this (some pieces already working):
User browses to CQ5 Dispatcher running in Apache
Apache filter redirects user to STS site where login is completed.
User is redirected back to Apache with SAML Claims.
User ID token is placed as cookie into browser. (everything is working up to here)
CQ5 captures that cookie based on the SSO configuration (working)
Problem starts here: From here, we want to call a custom authorization provider for the user's attributes, roles, groups etc...
We have tried to figure out how to do this and can't seem to find the missing link.
Do we need to create a custom login module? Do we need to create a custom principal provider? Do we somehow use the existing LDAP capability in CQ5 but have it call a custom class which leverages the external auth source?
If anyone here has any idea how to do this, their karma quotient would be full for the year if they could share it. I'm not sure if this is a basic thing you do with JAAS or even where to put my classes after I've created them.
We've worked really hard on this so far and seem to be close, but we keep hitting dead-ends.
Thanks so much if you have an idea where to begin!!
-joe
Recent versions of AEM now include the SAMLAuthenticationHandler which allows you to:
Redirect users to SSO to simulate IDP initiated login, or
Allow AEM to perform SP initiated login with IDP
Specify attributes to take from the SAML Assertion and add to the user's profile node (not sure if you can use this for groups)
Specify which groups users should be added to
Set a cookie called request-path that will store the URL the user arrived at, and then redirect them to that location when they're authenticated (ie. deep linking)
This makes relying on the SAMLAuthenticationHandler better than using Apache to redirect. The current version of the handler bundled with AEM 6.2 does not properly set the cookie when using the redirect method, but Adobe does have an updated version that they can provide that will fix that problem.
I normally recommend that clients do not have their own authentication handlers developed inside AEM.
When not using LDAP, this does create an issue where users will not exist until they've logged in. Additionally, when your architecture includes more than one load balanced publisher, it is possible that a user may exist on one server user synchronization.
Try searching the google group for SSO details. Here's one useful post:
http://groups.google.com/group/day-communique/browse_thread/thread/72c235c83a501252/fba4d08a90487156?lnk=gst&q=SSO#fba4d08a90487156
It seems that you will have to implement a custom LoginModule, more information here: http://dev.day.com/docs/en/crx/current/deploying/custom-login-modules.html
I'm developing a website with Symfony2.
I installed FOSUserBundle successfully. Now I would like to install FOSFacebookBundle so that it will work with FOSUserBundle.
I don't really understand the whole "provider user" thing. In the FOSFacebookBundle documentation it says "7. Optionally define a custom user provider class and use it as the provider or define path for login", should I do that to make the two bundles work with each other ? What is that for?
I want to make those two work with each other.
i recently worked on a project in which i included these two bundles. A user provider is just a class that is responsible for checking auth data. Let's say you have a shop and customers should be able to login, so you have to define a user provider that handles customer entities that are stored in a local database.
But in your case you have Facebook Users that should be able to login. So you define a user provider that can handle these type of users (with the help of the FosFacebookBundle).
It's really simpel. See "Example Custom User Provider using the FOS\UserBundle" chapter further down. You can just copy and paste it into your own bundle.
I am working with an app that is querying a JSON API on a server running Drupal. I used this tutorial and have changed the code a bit to work with my program, but every request just sends me to the not authorized page that the server generates. Any ideas why?
Why not use the drupal ios sdk? https://github.com/organizations/workhabitinc
I guess you haven't set the permissions in the Drupal service.
First go to permissions, and set the desired ones for the modules you're using (I guess you're using the default ones that are included within the services module).
Next, go to Site Building->Services, and authentication. Check if you have any authentication module set, and if so, add the methods that you're using to that key.
At our company we've made several apps which uses Drupal (but using XMLRPC instead of JSON). So feel free to ask everytime you need :)
We've a custom rigging of Sugar (using GWT for various front end stuff), and we use the SOAP API for much of our querying (vs. directly to the DB).
One of the API calls to check credentials is get_available_modules, which returns all available modules for a given user. How could a user have access to a module in the web interface, but not via a SOAP call (same session id?).
Not entirely sure on your question. Do you want a user to hve access to one set of modules from web and another set via soap? Or is there a difference on you setup?
First off, there should not be a difference between a user's available modules on web and soap calls.
If you want a different set for each access method, you need to change e.g. "get_available_modules" in the soap web service. One crude approch could be to make an override array in config_override.php abd check against that array in the soap function.