MISP
/
MISP
mirror of https://github.com/MISP/MISP
2
2
Fork 0
Code Issues Releases Wiki Activity
MISP/app/Plugin/OidcAuth
History
Jakub Onderka 6a553d39da fix: [OIDC] Change algo how roles are assigned to users 2021-03-03 13:37:08 +01:00
..
Controller/Component/Auth fix: [OIDC] Change algo how roles are assigned to users 2021-03-03 13:37:08 +01:00
README.md new: [oidc] Readme 2021-03-01 08:58:45 +01:00

README.md

MISP OpenID Connect Authentication

This plugin provides ability to use OpenID as Single sign-on for login users to MISP. When plugin is enabled, users are direcly redirected to SSO provider and it is not possible to login with passwords stored in MISP.

Usage

  1. Install required library using composer
cd app
php composer.phar require jumbojett/openid-connect-php
  1. Enable in app/Config/config.php
$config = array(
    ...
    'Security' => array(
        ...
        'auth' => 'array('OidcAuth.Oidc')',
    ),
    ...
  1. Configure in app/Config/config.php (replace variables in {{ }} with your values)
$config = array(
    ...
    'OidcAuth' = [
        'provider_url' => '{{ OIDC_PROVIDER }}',
        'client_id' => '{{ OIDC_CLIENT_ID }}',
        'client_secret' => '{{ OIDC_CLIENT_SECRET }}',
        'role_mapper' => [ // if user has multiple roles, first role that match will be assigned to user
            'misp-user' => 3, // User
            'misp-admin' => 1, // Admin
        ],
        'default_org' => '{{ MISP_ORG }}',
    ],
    ...

Caveats

  • When user is blocked in SSO (IdM), he/she will be not blocked in MISP. He could not log in, but users authentication keys will still work and also he/she will still receive all emails.