https://github.com/fawno/ntlmauthenticator
NTLM Authenticator for CakePHP 4 Authentication plugin
authentication authenticator cakephp cakephp-plugin cakephp4 ntlm ntlm-authentication
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/fawno/ntlmauthenticator
- Owner: fawno
- License: mit
- Created: 2022-04-25T23:33:30.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2022-04-26T03:29:18.000Z (over 2 years ago)
- Last Synced: 2024-04-15T07:35:59.692Z (8 months ago)
- Topics: authentication, authenticator, cakephp, cakephp-plugin, cakephp4, ntlm, ntlm-authentication
- Language: PHP
- Homepage:
- Size: 6.84 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
[![GitHub license](https://img.shields.io/github/license/fawno/NTLMAuthenticator)](https://github.com/fawno/NTLMAuthenticator/blob/master/LICENSE)
[![GitHub release](https://img.shields.io/github/release/fawno/NTLMAuthenticator)](https://github.com/fawno/NTLMAuthenticator/releases)
[![Packagist](https://img.shields.io/packagist/v/fawno/ntlm-authentication)](https://packagist.org/packages/fawno/ntlm-authentication)
[![Packagist Downloads](https://img.shields.io/packagist/dt/fawno/ntlm-authentication)](https://packagist.org/packages/fawno/ntlm-authentication/stats)
[![GitHub issues](https://img.shields.io/github/issues/fawno/NTLMAuthenticator)](https://github.com/fawno/NTLMAuthenticator/issues)
[![GitHub forks](https://img.shields.io/github/forks/fawno/NTLMAuthenticator)](https://github.com/fawno/NTLMAuthenticator/network)
[![GitHub stars](https://img.shields.io/github/stars/fawno/NTLMAuthenticator)](https://github.com/fawno/NTLMAuthenticator/stargazers)

# NTLM Authenticator for CakePHP 4 Authentication plugin
This plugin provides an NTLM Authenticator for CakePHP 4 authentication plugin.
# Table of contents
- [Requirements](#requirements)
- [Installation](#installation)
- [Configuration](#configuration)
  - [Apache with SSPI NTLM based authentication module (mod_authn_ntlm)](#apache-with-sspi-ntlm-based-authentication-module-mod_authn_ntlm)
  - [NTLMAuthenticator](#ntlmauthenticator)

## Requirements
- PHP >= 7.2.0
- Apache 2.4 SSPI NTLM based authentication module ([mod_authn_ntlm](https://github.com/TQsoft-GmbH/mod_authn_ntlm))
- CakePHP >= 4.3.0
- [CakePHP Authentication](https://book.cakephp.org/authentication/2/en/index.html) >= 2.0

Optional:
- ext-ldap ([LDAP php extension](https://www.php.net/manual/en/book.ldap.php))

[TOC](#table-of-contents)
## Installation
Install this plugin into your application using [composer](https://getcomposer.org):
- Add `fawno/ntlm-authentication` package to your project:
```bash
composer require fawno/ntlm-authentication
```
- Load the NTLMAuthenticator in your `Application.php`:
```php
use Fawno\NTLM\Authenticator\NTLMAuthenticator;
```
- Load the NTLMAuthenticator in your Authentication Service (`Application.php`):
```php
// Load the authenticators. Session should be first.
$service->loadAuthenticator('Authentication.Session');
$service->loadAuthenticator(NTLMAuthenticator::class, [
    'domains' => [],
]);
```

[TOC](#table-of-contents)
## Configuration
- `exampledomain`: short domain name
- `example.com`: full domain name
### Apache with SSPI NTLM based authentication module ([mod_authn_ntlm](https://github.com/TQsoft-GmbH/mod_authn_ntlm))
Only routes with `/login` are authenticated with NTLM.
`webroot\.htaccess`:
```aconf
# Settings for /login: NTLM (SSPI) authentication required
AuthName "Example App"
AuthType SSPI
NTLMAuth On
NTLMAuthoritative On
NTLMDomain exampledomain
# keep domain name in userid string
NTLMOmitDomain Off
# let non-IE clients authenticate
NTLMOfferBasic On
# should basic authentication have higher priority
NTLMBasicPreferred Off
NTLMUsernameCase lower
Require valid-user

# Settings for everything else: no authentication
AuthType None
Require all granted

#Order allow,deny
#Allow from 192.168.0.0/16
Satisfy all
```

[TOC](#table-of-contents)
### NTLMAuthenticator
NTLM Authenticator can query through LDAP for user membership. This information is stored in the session and can be used for authorization (ACL).
```php
$service->loadAuthenticator(NTLMAuthenticator::class, [
    'domains' => [
        'exampledomain' => [
            'ldap' => [
                'srv' => 'active-directory.example.com',
                'user' => base64_encode('[email protected]'),
                'pass' => base64_encode('UserPassword'),
                'dn' => 'OU=Departaments, DC=example, DC=com',
                'dn_users' => 'CN=Users, DC=example, DC=com',
            ],
            'config' => [
                'some_key' => 'some_data',
            ],
        ],
        'exampledomain2' => [
            'ldap' => [
                'srv' => 'active-directory.example2.com',
                'user' => base64_encode('[email protected]'),
                'pass' => base64_encode('UserPassword2'),
                'dn' => 'OU=Departaments, DC=example2, DC=com',
                'dn_users' => 'CN=Users, DC=example2, DC=com',
            ],
            'config' => [
                'some_key' => 'some_data',
            ],
        ],
    ],
]);
```
The configured credentials should have query-only access to the LDAP service and no other privileges within the domain.

The `config` array is optional; its data can be stored in the session auth data. It allows configuring the logo of the organization and other data common to the users of a domain that the application needs to use.

The application does not have any access to validated user passwords; all NTLM authentication is negotiated between the Apache server and the browser.
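
How a `domain\user` identity could be matched to one of the configured `domains` entries and turned into an escaped LDAP membership query, as an added example that is not the plugin's own code. It assumes `REMOTE_USER` has the form `exampledomain\jdoe`, an `ldaps://` connection, and Active Directory's `sAMAccountName` and `memberOf` attributes; the function names are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not the plugin's code; function names are hypothetical.
// Assumes REMOTE_USER is "exampledomain\jdoe" (NTLMOmitDomain Off, NTLMUsernameCase lower).

/** Split REMOTE_USER and accept only domains present in the 'domains' config. */
function resolveNtlmUser(string $remoteUser, array $domains): ?array
{
    $parts = explode('\\', $remoteUser, 2);
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return null; // no domain part, so no LDAP configuration can be chosen
    }
    $domain = strtolower($parts[0]);
    if (!isset($domains[$domain])) {
        return null; // unknown domain: do not fall back to a default
    }
    return ['domain' => $domain, 'user' => $parts[1], 'ldap' => $domains[$domain]['ldap'] ?? null];
}

/** Build the search filter; ldap_escape() stops the user name from changing its structure. */
function membershipFilter(string $user): string
{
    return '(&(objectClass=user)(sAMAccountName=' . ldap_escape($user, '', LDAP_ESCAPE_FILTER) . '))';
}

/** Bind with the query-only account and return the user's memberOf values. */
function fetchGroups(array $ldap, string $user): array
{
    $conn = ldap_connect('ldaps://' . $ldap['srv']); // assumption: LDAP over TLS
    if ($conn === false) { return []; }
    ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($conn, LDAP_OPT_REFERRALS, 0);
    // base64 in the configuration is an encoding only; decode before binding
    if (!@ldap_bind($conn, base64_decode($ldap['user']), base64_decode($ldap['pass']))) {
        return [];
    }
    $result = ldap_search($conn, $ldap['dn_users'], membershipFilter($user), ['memberOf']);
    $entries = $result ? ldap_get_entries($conn, $result) : ['count' => 0];
    ldap_unbind($conn);
    $groups = $entries['count'] > 0 ? ($entries[0]['memberof'] ?? []) : [];
    unset($groups['count']);
    return array_values($groups);
}

// Constructed input; the domain key matches the configuration shown above.
$domains = ['exampledomain' => ['ldap' => ['srv' => 'active-directory.example.com']]];
var_dump(resolveNtlmUser('exampledomain\\jdoe', $domains)['user']); // configured domain
var_dump(resolveNtlmUser('otherdomain\\jdoe', $domains));           // domain not configured
echo membershipFilter('j*)(cn=*'), PHP_EOL;                         // filter metacharacters escaped
```

`membershipFilter()` needs ext-ldap, which the requirements list as optional; `fetchGroups()` is not called here because it needs a reachable directory server.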
[TOC](#table-of-contents)