
1 Authentication in Joomla! 1.5

2 About Me
- Born in Feb 1979, started in the computing industry with Pong.
- In the late ‘80s moved into the Commodore 64 where I developed utilities in Basic (Yes, before I was 10).
- Moved into a Tandy PC shortly thereafter, when even more Basic programming was completed, including a full-blown login system.
- I ran a BBS (‘The BBS Enterprise’) for 4 years and became a regular poster on the Fido Network.
- First introduction to the Internet was via my high school, at a time when we accessed gopher and telnet via a shared modem line.
- I started with Slackware Linux in the early ‘90s and ever since then I’ve been working with new technologies including VoIP and IPv6.
- Started PHP development in Feb 2000 with my own concept of what is now known as MVC, although you wouldn’t know it.
- I’m currently working as an Information Security Analyst and hold a number of certifications on computer networking and technologies.

3 Overview
- Changes from 1.x
- Structure/How it works
- Code base details
- Hello World Example
- GMail Example
- OpenID & our pitfalls
- Other schemes to implement
- Questions

4 What has changed since 1.x?
- Added a plug-in system using JDispatch
- Ability to completely customize the authentication system from end to end
- Ability for end plug-ins to overwrite user details for user auto-creation, i.e., one can log in with an LDAP email address and rewrite the UserID to just the login
- Enabled the creation of temp users from external plug-ins

5 Structure
[Diagram: the Joomla! Application connected to the authentication plug-ins: Joomla Auth, OpenID Auth, LDAP Auth, Other Auth Plugins]
- The Joomla! application sends the authentication request to all enabled plug-ins. The order is based on the plug-in rank in the manager.
- Each plug-in processes the request and sends back a status to the handler.
- The handler checks for a success and passes it off to the application.
- In the case of a failure, it logs the errors to JLog for analysis by the admin.

6 Code Base
- function onAuthenticate( $username, $password )
  - Processes an authentication request
  - Gets a username and password
  - Returns a JAuthenticateResponse object
    - status
      - JAUTHENTICATE_STATUS_SUCCESS
      - JAUTHENTICATE_STATUS_FAILURE
    - error_message
      - Can be any text
      - Text should identify the error that occurred
      - Gets sent to the JLog system to be logged
      - On failure the end user will only see an invalid credentials response
    - Can also return: username, fullname, password etc.

7 Code Base cont.
- function onAuthenticateFailure( $username, $password )
  - Fires only when a failure is detected.
  - Can be used to clear details from J! or cookies on failure.

8 Code Base cont.
- function onLoginUser( $response, $remember )
  - Processed on a successful login by a plug-in
  - $response is the JAuthenticateResponse from the accepted plug-in
  - $remember is set when the user wants to be remembered

9 Code Base cont.
- function onLogoutUser( $parameters )
  - Processed on a logout request from the user
  - $parameters is an array:
    - Username: The username being logged out
    - ID: The user's ID

10 Code Base cont.
- Extra events for syncing users include:
  - onBeforeStoreUser
  - onAfterStoreUser
  - onBeforeDeleteUser
  - onAfterDeleteUser
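The dispatch flow from the Structure slide and the status/error_message fields from the Code Base slides, as an added stand-alone sketch (not code from the presentation or from Joomla!). The `Demo*` names, the two constructed plug-ins, and stopping at the first success are assumptions made for illustration.

```php
<?php
// Added illustration: stand-ins that mirror the slides, not Joomla! classes.
const DEMO_STATUS_SUCCESS = 1;
const DEMO_STATUS_FAILURE = 0;

class DemoAuthResponse
{
    public $type;                          // name of the plug-in that answered
    public $status = DEMO_STATUS_FAILURE;  // fail closed unless a plug-in says otherwise
    public $error_message = '';
    public function __construct($type) { $this->type = $type; }
}

// Two constructed plug-ins; array order stands in for the rank in the manager.
$plugins = array(
    'ldap' => function ($username, $password) {
        $r = new DemoAuthResponse('ldap');
        $r->error_message = 'directory unreachable (constructed error)';
        return $r;
    },
    'example' => function ($username, $password) {
        $r = new DemoAuthResponse('example');
        if ($username === 'Hello' && $password === 'World') {
            $r->status = DEMO_STATUS_SUCCESS;
        } else {
            $r->error_message = 'unknown user or bad password';
        }
        return $r;
    },
);

// Handler: ask each plug-in in order, accept the first success, log every failure.
function demo_authenticate(array $plugins, $username, $password, array &$log)
{
    // Strip CR/LF so a crafted username cannot forge extra log lines.
    $safeUser = preg_replace('/[\r\n]/', '?', $username);
    foreach ($plugins as $name => $plugin) {
        $response = $plugin($username, $password);
        if ($response->status === DEMO_STATUS_SUCCESS) {
            return array(true, 'Welcome', $response->type);
        }
        // Detail is for the admin log only; the password is never written.
        $log[] = sprintf('[%s] user=%s: %s', $name, $safeUser, $response->error_message);
    }
    return array(false, 'Invalid credentials', null); // generic text for the end user
}

$log = array();
var_dump(demo_authenticate($plugins, 'Hello', 'World', $log));
var_dump(demo_authenticate($plugins, 'Hello', 'wrong', $log));
print_r($log); // per-plug-in detail an admin would review
```

The per-plug-in error text stays in the log while the caller only ever receives the generic message, which keeps the login form from revealing which backend rejected the attempt or why.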

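11 Hello World of Authentication

```php
function onAuthenticate( $username, $password )
{
    // The response object is tagged with the name of this plug-in.
    $return = new JAuthenticateResponse('example');

    // Strict comparison avoids PHP's loose type juggling on credentials.
    if ($username === "Hello" && $password === "World") {
        $return->status = JAUTHENTICATE_STATUS_SUCCESS;
    } else {
        $return->status = JAUTHENTICATE_STATUS_FAILURE;
    }

    return $return;
}
```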

12 GMail Example

```php
function onAuthenticate( $username, $password )
{
    $return = new JAuthenticateResponse('gmail');

    // Request the GMail Atom feed using HTTP Basic authentication.
    $curl = curl_init("https://mail.google.com/gmail/feed/atom");
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($curl, CURLOPT_USERPWD, "$username:$password");
    $result = curl_exec($curl);
    $code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    curl_close($curl);

    // Only an HTTP 200 counts as success; every other result is denied.
    $message = '';
    $success = 0;
    switch ($code) {
        case 200:
            $message = 'Access Granted';
            $success = 1;
            break;
        case 401:
            $message = 'Access Denied';
            break;
        default:
            $message = 'Result unknown, access denied.';
            break;
    }

    if ($success) {
        $return->status = JAUTHENTICATE_STATUS_SUCCESS;
        $return->email = $username;
        $return->fullname = $username;
    } else {
        // error_message is sent to JLog; the user only sees invalid credentials.
        $return->status = JAUTHENTICATE_STATUS_FAILURE;
        $return->error_message = 'Failed to authenticate: ' . $message;
    }

    return $return;
}
```

13 OpenID & Our Pitfalls
- Issues
  - Cookie data needs to be sent to the client
  - It must redirect to an external site
  - It should return to the authentication plug-in
  - Limited support in PHP4

14 OpenID & Our Pitfalls cont.
- Used JSession to store cookies
- Built URIs with JURI and redirected via $mainframe
- Returned mimicking a login form response
- Checked for cookie/session state to complete the request
- Used SimpleXML to mimic OpenID requests

15 Other schemes
- Radius
- RSA SecurID
- WiKID
- Extendable External Databases (EED)
- Google Account Authentication
- Kerberos
- IMAP/POP3

16 Questions?

