mirror of https://github.com/MISP/MISP
c25dd7082a
Update OidcAuthenticate.php |
||
---|---|---|
.. | ||
Controller/Component/Auth | ||
README.md |
README.md
MISP OpenID Connect Authentication
This plugin provides ability to use OpenID as Single sign-on for login users to MISP. When plugin is enabled, users are direcly redirected to SSO provider and it is not possible to login with passwords stored in MISP.
Usage
- Install required library using composer
cd app
php composer.phar require jumbojett/openid-connect-php
- Enable in
app/Config/config.php
$config = array(
...
'Security' => array(
...
'auth' => 'array('OidcAuth.Oidc')',
),
...
- Configure in
app/Config/config.php
(replace variables in{{ }}
with your values)
$config = array(
...
'OidcAuth' = [
'provider_url' => '{{ OIDC_PROVIDER }}',
'client_id' => '{{ OIDC_CLIENT_ID }}',
'client_secret' => '{{ OIDC_CLIENT_SECRET }}',
'role_mapper' => [ // if user has multiple roles, first role that match will be assigned to user
'misp-user' => 3, // User
'misp-admin' => 1, // Admin
],
'default_org' => '{{ MISP_ORG }}',
],
...
Caveats
- When user is blocked in SSO (IdM), he/she will be not blocked in MISP. He could not log in, but users authentication keys will still work and also he/she will still receive all emails.