new: [oidc] Readme

app/Plugin/OidcAuth/README.md

@@ -0,0 +1,49 @@
+# MISP OpenID Connect Authentication
+
+This plugin provides ability to use OpenID as Single sign-on for login users to MISP.
+When plugin is enabled, users are direcly redirected to SSO provider and it is not possible
+to login with passwords stored in MISP.
+
+## Usage
+
+1. Install required library using composer
+
+```
+cd app
+php composer.phar require jumbojett/openid-connect-php
+```
+
+2. Enable in `app/Config/config.php`
+
+```php
+$config = array(
+    ...
+    'Security' => array(
+        ...
+        'auth' => 'array('OidcAuth.Oidc')',
+    ),
+    ...
+```
+
+3. Configure in `app/Config/config.php` (replace variables in `{{ }}` with your values)
+
+```php
+$config = array(
+    ...
+    'OidcAuth' = [
+        'provider_url' => '{{ OIDC_PROVIDER }}',
+        'client_id' => '{{ OIDC_CLIENT_ID }}',
+        'client_secret' => '{{ OIDC_CLIENT_SECRET }}',
+        'role_mapper' => [ // if user has multiple roles, first role that match will be assigned to user
+            'misp-user' => 3, // User
+            'misp-admin' => 1, // Admin
+        ],
+        'default_org' => '{{ MISP_ORG }}',
+    ],
+    ...
+```
+
+## Caveats
+
+* When user is blocked in SSO (IdM), he/she will be not blocked in MISP. He could not log in, but users authentication keys will still work and also he/she will still receive all emails. 
+

app/composer.json

@@ -29,7 +29,8 @@
         "ext-bcmath": "For faster validating IBAN numbers",
         "ext-rdkafka": "Required for publishing events to Kafka broker",
         "elasticsearch/elasticsearch": "For logging to elasticsearch",
-        "aws/aws-sdk-php": "To upload samples to S3"
+        "aws/aws-sdk-php": "To upload samples to S3",
+        "jumbojett/openid-connect-php": "For OIDC authentication"
     },
     "config": {
         "vendor-dir": "Vendor",