JustAMacUser wrote: You should take a look at the auth_internal and auth_remote plugins. TT-RSS authenticates on every request; if a valid session doesn't exist, it runs the login process, which is entirely pluggable. If you follow through the code you'll see that as long as an authentication plugin returns a valid user the login form won't even be shown.
I'd also suggest plugging the prefs page to store custom settings so users do not need to create a settings.php file, which would be tedious during updates.
Thanks for the heads up on that.
There are many settings for SAML, security certificates etc.; for this initial release having it as the settings.php is easy.
The settings file only stores settings for the SAML Client library itself and not the auth plugin.
If there are any specific options for the plugin then yes, having that in the prefs page would be best, but for security I think the rest should be in the file IMO.
In this instance having the login page works well for me as I can still use the internal login auth. Having the ability to start the SSO with a button is the problem, as I do not want it to automatically do SSO; that could end up with an endless loop in certain circumstances.
P.S. For SSO to work you need to expose three endpoints, SSO/SLO/ACS, and I thought it best for that to be done by extending IHandler.