Bug #28450
$TYPO3_CONF_VARS['FE']['loginSecurityLevel'] is ignored
| Status: | Resolved | Start date: | 2011-07-25 |
|---|---|---|---|
| Priority: | Should have | Due date: | |
| Assignee: | Michael Miousse | % Done: | 100% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
| Votes: | 1 | | |
Description
I try to use both backend AND frontend auth, but can't get it working with felogin.
$TYPO3_CONF_VARS['FE']['loginSecurityLevel'] = 'normal' seems to be ignored.
If I use $TYPO3_CONF_VARS['BE']['loginSecurityLevel'] = 'rsa'; BE login works, but FE users can't login. FE=normal and BE=rsa behaves as if only $TYPO3_CONF_VARS['BE']['loginSecurityLevel'] = 'rsa'; is set. FE users only can login if BE is set to normal (which posts unencrypted passwords).
TYPO3 4.5.3 / ig_ldap_sso_auth 1.1.1 / rsaauth 1.1.0 / felogin 1.3.1
History
Updated by Fabien Udriot almost 2 years ago
- Status changed from New to Needs Feedback
> FE users only can login if BE is set to normal (which posts unencrypted passwords).

Does it really make sense?
Is EXT:rsa correctly enabled + configured?
Don't you have values which get overridden? You can check it in "Admin Tools" > "Configuration"
Updated by Georg Leitner almost 2 years ago
> Does it really make sense?

For an intranet with 100+ users it imho does make sense to use existing user-data via LDAP. It would be very comfortable for the users if the same credentials could be used for the BE (so they use one secure password).

> Is EXT:rsa correctly enabled + configured?

I can't find EXT:rsa; EXT:rsaauth (RSA authentication for TYPO3) version 1.1.0 is up and running. As said BE works, if $TYPO3_CONF_VARS['BE']['loginSecurityLevel'] = 'rsa';

> Don't you have values which get overridden? You can check it in "Admin Tools" > "Configuration"

"Admin Tools" > "Configuration" gives me:
$TYPO3_CONF_VARS['BE']['loginSecurityLevel'] = 'rsa';
$TYPO3_CONF_VARS['FE']['loginSecurityLevel'] = 'normal';
POST-Data of working BE login form:
userident -> rsa:...=
POST-Data of non working FE login form:
pass -> password (plaintext)
If I set $TYPO3_CONF_VARS['BE'] to 'normal' and don't configure FE ("Tools" > "Configuration" says $TYPO3_CONF_VARS['FE']['loginSecurityLevel'] = '';) FE login (with plaintext password) is working.
If $TYPO3_CONF_VARS['FE'] is set to 'rsa' FE login (pass -> rsa:...=) is NOT working.
If $TYPO3_CONF_VARS['FE'] is set to 'normal' and $TYPO3_CONF_VARS['FE'] to 'rsa' only BE login is working.
If neither $TYPO3_CONF_VARS['FE'] nor $TYPO3_CONF_VARS['BE'] is set only FE login is working (BE default is 'superchallenged' which doesn't work as said in the manual).
In matrix form:

| $TYPO3_CONF_VARS['FE'] | $TYPO3_CONF_VARS['BE'] | FE login | BE login |
|---|---|---|---|
| rsa | rsa | false | true |
| normal | rsa | false | true |
| normal | normal | true | true |
| empty | normal | true | true |
| empty | empty | true | false |

Updated by Georg Leitner almost 2 years ago
- File 28450_01.diff added
Function getUser() of class tx_igldapssoauth_sv1 (sv1/class.tx_igldapssoauth_sv1.php) does not check if the login is for BE or FE. It uses $GLOBALS['TYPO3_CONF_VARS']['BE'] also for the FE. The attached patch works on my installations.
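The per-context lookup described in the comment above, as an added PHP example (it is not the attached 28450_01.diff and not code from ig_ldap_sso_auth or TYPO3). It assumes the service uses the resolved level to decide whether the posted value is an `rsa:` envelope or plaintext; all function names and the base64 stand-in for RSA decryption are hypothetical, and only the FE = normal / BE = rsa configuration is modelled.

```php
<?php
// Added illustration; not code from ig_ldap_sso_auth or TYPO3. Needs PHP 7.1+.
// Assumption: the resolved level decides how the posted password is read.

/** Lookup as described in the report: the BE setting is used for every login. */
function securityLevelBeOnly(array $confVars, string $loginType): string
{
    return (string)($confVars['BE']['loginSecurityLevel'] ?? '');
}

/** Per-context lookup: read the setting of the login type ('FE' or 'BE'). */
function securityLevelFor(array $confVars, string $loginType): string
{
    if ($loginType !== 'FE' && $loginType !== 'BE') {
        throw new InvalidArgumentException('Unknown login type: ' . $loginType);
    }
    return (string)($confVars[$loginType]['loginSecurityLevel'] ?? '');
}

/** Password for the LDAP bind, or null when the posted value does not fit the level. */
function extractPassword(string $level, string $posted, callable $decrypt): ?string
{
    $isRsaEnvelope = strncmp($posted, 'rsa:', 4) === 0;
    if ($level === 'rsa') {
        return $isRsaEnvelope ? $decrypt(substr($posted, 4)) : null;
    }
    return $isRsaEnvelope ? null : $posted; // 'normal' or empty: plaintext expected
}

// Constructed sample: the reporter's configuration (FE = normal, BE = rsa).
$confVars = [
    'BE' => ['loginSecurityLevel' => 'rsa'],
    'FE' => ['loginSecurityLevel' => 'normal'],
];
// Hypothetical stand-in for the RSA decryption step (base64 only, not RSA).
$decrypt = static function (string $blob): string {
    return (string)base64_decode($blob, true);
};
$posts = ['FE' => 'secret', 'BE' => 'rsa:' . base64_encode('secret')];

foreach (['securityLevelBeOnly', 'securityLevelFor'] as $resolver) {
    foreach ($posts as $type => $posted) {
        $pw = extractPassword($resolver($confVars, $type), $posted, $decrypt);
        printf("%-19s %s login: %s\n", $resolver, $type, $pw === null ? 'rejected' : 'password read');
    }
}
```

With the BE-only lookup the plaintext FE post is rejected while the BE post is read; with the per-context lookup both are read.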
Updated by Michael Miousse over 1 year ago
- Status changed from Needs Feedback to Resolved
- Assignee set to Michael Miousse
- % Done changed from 0 to 100
Solved in the 1.1.1 version of ig_ldap_sso_auth