rPHSHIB/923cddf67a1cmaster
rPHSHIB/
923cddf67a1cmaster
/
/
README.md
README.md
Authentication using Shibboleth
- Allows to add Shibboleth as an external authentication method on Phabricator
- You'll have to use apache because Shibboleth is integrated as an Apache module
- Based on a Diff here:
Installation
- Copy the files to the external directories in your Phabricator installation
cp PhabricatorAuthProviderShibboleth.php /path/to/phabricator/src/extensions/ cp PhutilAuthAdapterShibboleth.php /path/to/libphutil/src/extensions/
- Install Shibboleth and configure the service provider
- Configure Apache for Shibboleth authentication on the Phabricator Shibboleth provider, for example in /etc/httpd/conf.d/phabricator.conf
<VirtualHost *:80>
ServerName http://example.com
DocumentRoot /srv/www/facebook/phabricator/webroot
CustomLog "/var/log/httpd/phabricator_access.log" phabricator
ErrorLog "/var/log/httpd/phabricator_error.log"
RewriteEngine on
RewriteRule ^/rsrc/(.*) - [L,QSA]
RewriteRule ^/favicon.ico - [L,QSA]
RewriteCond %{REQUEST_URI} !^/Shibboleth.sso
RewriteRule ^(.*)$ /index.php?__path__=$1 [B,L,QSA]
<Directory "/srv/www/facebook/phabricator/webroot">
Require all granted
AllowOverride None
</Directory>
<Location /auth/login/shibboleth:self/>
AuthType shibboleth
ShibRequestSetting requireSession 1
require shib-session
</Location>
</VirtualHost>- Restart Apache
service apache restart
- Activate the authentication method in Phabricator in the auth application
{F16348}
- You can select "Generated username" to create the username based on the first and last names, and let username fieldname empty
c4science · Help