Remote auth: mobile access

Created on 2016/10/20, cms, drupal, joomla, mobile, sso, users, wordpress
Category: 

For those of you using the auth.remote plugin in slave mode with an external CMS like Drupal, WordPress or Joomla!, the RESTful access to Pydio necessary to create a communication with the mobile (iOS / Androïd) clients is tricky, but should work. It’s all about setting the right configuration for the various MASTER_XXX options of the auth.remote driver (via the GUI).

Technical background : read it!

When accessing Pydio through the web in an “auth.remote” configuration, the login action is never performed via Pydio, but it is done via your CMS login form and your CMS triggers the necessary actions to log your users in Pydio as well.

However, the mobile clients are not supposed to know how to connect to e.g Drupal, and can only try to authenticate against Pydio. In that case, once the authentication submitted to Pydio, a remote call mechanism will let Pydio submit the authentication credentials to the CMS : it means that Pydio handles “like a user” and will grab the CMS login form, fill it, and submit it. At this point, if the login is successfull, the CMS will log Pydio back!

WordPress implementation is quite straightforward, but Joomla & Drupal necessit 2 calls, one for getting the login form secure tokens, and a second for submitting the form with these values. This is performed by loading the HTML page that contains the form, parsing it, find the login form by it’s HTML ID, and grab the hidden inputs key/values to submit the POST query.

For this reason, you’ll have to make sure that the MASTER_URL / LOGIN_URL points to a page that indeed display the login form, that this form’s HTML id is the right one as defined by Auth Form Id. For Joomla, the default id is login-form, but some install seem to use form-login instead. For Drupal, the default id is user-login-form. For wordpress it is not necessary.

Troubleshooting

If it’s still not working, and you see concerning “loadHTML() function failing” in your log file, the page HTML is probably creating errors at parsing time. In that case, create a simple login page with the least HTML possible, but just the login form of your CMS.

When testing the configuration, you may have to try several times, and you are soon locked out of the server by the brute force login defence mechanism. In that case, searched for the failedAJXP.log file inside the PHP temporary folder and delete it, and this should work! Or simply turn the server in debug mode (see AJXP_SERVER_DEBUG on bootstrap_context.php), this will avoid the brute force login mechanism.

My CMS is not in the list!

Don’t panic, you “simply” have to implement your own function to perform the authentication submission. The idea is to use an HttpClient to POST the right values to the CMS. Add this function in the auth.remote/cms_auth_functions.php file, and check the existing implementations to see how it’s done. In some case, only a POST is necessary, in other there is a two-way communication, in that case you can use a DOMDocument to parse the HTML response of the CMS.