Archive for the 'jauthtools' Category
So a few weeks ago I released JAuthTools 1.5.4 which features Token Login. Token Login was created to solve the need to generate a secure token that you can use for automatic login, for example with stuff like newsletters. Today I’m going to show you how you can write something simple with Token Login to handle automatic login with tokens in a unique problem case.
Context login is a new concept that I’m introducing in 1.5.4. It features a new login module called “mod_contextlogin” and support from both the Advanced LDAP and Advanced GMail plugins. Today I’ll focus on the GMail plugin and how you can use context login together with the Advanced GMail plugin to connect to two different Google supported domains (e.g. GMail and a Google Apps for your Domain site).
The first step in all of this is to install JAuthTools. The Context Login bit is mostly self contained, so once you’ve got my Advanced Tools extension installed you should be able to install the extras package. You can grab the 1.5.1 version of the Advanced Tools extension off Joomla!Code at http://joomlacode.org/gf/download/frsrelease/6797/22390/com_advancedtools.tgz and install it directly in Joomla!. The next item we’re going to need is the helper package; the best way to grab this is to install the JAuthTools Core Package from http://joomlacode.org/gf/download/frsrelease/9530/36171/pkg_jauthtools_core.tgz which will also give you the SSO and User Source libraries. The JAuthTools Extras Package contains both the context login module and the Advanced GMail authentication plugin. The extras package also has the LDAP user plugin and the Advanced LDAP plugin, but we’re not going to use those today. The current version of the extras package is 1.5.4 (just released!) and you can grab it off JoomlaCode at http://joomlacode.org/gf/download/frsrelease/9530/36195/pkg_jauthtools_extras.tgz and install it directly into Joomla! as well.
Once you’ve got everything installed, you can get to work. The first place we need to go is the Module Manager in the Administrator, where we look for Context Login. It’ll be there but it won’t be published by default. Opening it up we’ll see a lot of the params that we know and love from the core built in login module, but immediately below the caching option we’ll also see params called “Contexts”, “Require Context” and “Default Context”. The “Contexts” param is a text field where you enter contexts, one per line. In this case we’re going to have two different contexts: one for the main GMail domain (gmail.com) and another for a Google Apps for your Domain (say “yourdomain.com”). Perhaps you’ve got a few of these domains that you want to limit people to, so what you can do is enable the “Require Context” option. This will enforce a given context upon the module and remove the ability for the user to be flexible. Keep in mind that the context itself isn’t sent with the request; only a context ID is sent, which is then looked up on the remote site. The last option is the default context to use, which is set to -1 initially but can be set to the index of the context (starting from 0). This shows the context select box with the default selected and is purely a cosmetic setting. Once you’ve put in a few domains, you can enable the module and position it somewhere. If you want to put in some extra settings, you can do this as you would with the normal login module.
The next step is to configure the Advanced GMail plugin. The Advanced GMail plugin has all of the features of the existing GMail plugin and then some. If you’re currently using the GMail plugin, disable it first before you switch to the Advanced GMail plugin. The Advanced GMail plugin has a few configuration options. “Apply Suffix” is similar to contexts but limited to only a single domain. “Username Suffix” is used with Apply Suffix and holds a single domain name such as “gmail.com”. “Verify Peer” is an SSL configuration option that should be left on unless you’re having seriously strange issues (at this point, change host!). That leaves us with “Use Contexts”, a simple option that has “Yes”, “No” and “Require”. It causes the plugin to look for a context in the request and apply the context if it finds it. The “Require” option enforces the use of contexts and will fail the user if the context doesn’t line up properly. The last option is a ‘username’ blacklist. This is a list of usernames that the plugin should never authenticate, which is useful for accounts that you may not control (e.g. ‘admin’) to prevent people logging in using them. This is an extra security feature that I’ve introduced and using it is certainly recommended. Enable the plugin and we’re off!
Once both the module and the plugin are configured and enabled, you should be able to see the module in the front end. From here you can see the form and log in to it, selecting your context and then logging in appropriately.
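A sketch of the server-side lookup this setup relies on, added here as an illustration and not taken from JAuthTools: the form submits only a context index, which is resolved against the configured list before the domain is appended. The function names, the mode strings, matching the blacklist on the local part, and refusing an index that is not in the list are all assumptions of this example.

```php
<?php
// Added illustration, not JAuthTools code. All names here are hypothetical.

/** Split a per-line "Contexts" setting into a 0-indexed list of domains. */
function parseContexts(string $param): array
{
    $lines = array_map('trim', preg_split('/\R/', $param));
    return array_values(array_filter($lines, 'strlen'));
}

/**
 * Return the login name to authenticate, or null to refuse the attempt.
 * $mode mirrors "Use Contexts": 'no', 'yes' or 'require'.
 * $contextId is the raw request value, or null when none was sent.
 */
function resolveLogin(string $username, $contextId, array $contexts, string $mode, array $blacklist): ?string
{
    $username = strtolower(trim($username));
    // Compare the part before any '@' so "admin@anything" is caught too.
    $local = explode('@', $username, 2)[0];
    if ($local === '' || in_array($local, $blacklist, true)) {
        return null; // blacklisted names are never authenticated
    }
    if ($mode === 'no') {
        return $username;
    }
    if ($contextId === null || $contextId === '') {
        // No context sent: only 'require' treats that as a failure.
        return $mode === 'require' ? null : $username;
    }
    // Accept only a plain non-negative integer that indexes the list.
    if (!is_string($contextId) || !ctype_digit($contextId) || !isset($contexts[(int) $contextId])) {
        return null; // present but not in the list: refuse rather than guess
    }
    // The domain comes from the server-side list, never from user input.
    return $local . '@' . $contexts[(int) $contextId];
}

// Constructed sample data: two contexts and a one-entry blacklist.
$contexts  = parseContexts("gmail.com\nyourdomain.com\n");
$blacklist = ['admin'];
$attempts  = [['alice', '1'], ['alice', '7'], ['admin', '0'],
              ['bob@other.example', '0'], ['carol', null]];
foreach ($attempts as [$user, $id]) {
    var_dump(resolveLogin($user, $id, $contexts, 'require', $blacklist));
}
```

Because the domain is taken from the configured list by index, a tampered form value can at most select another allowed domain or be rejected; it cannot point authentication at a domain the administrator never listed.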
Today I finally got around to releasing JAuthTools 1.5.4, the latest release in JAuthTools. I’ve put together a lot of stuff for this new release and I’m happy to have it released out there. This release introduces Token Login, Context Login, the release of my own LDAP and GMail authentication plugins each with extra advanced features (including context integration), an OpenID SSO plugin submitted by Ian MacLennan, a new way of handling SSO plugins with new types of plugins and many more. There are tonnes of little items that I’ve added as well as bugs that have been fixed. I will follow up with blog posts about how you can configure different items to work together.
Today was a mostly ordinary day, though the day started with me buying Red Alert 3, so that wasn’t too bad – yay! Australia! A week behind the rest of the world! I could have pirated the game and had it faster and cheaper, perhaps even finished! But I digress, it was an ordinary day.
Today is Melbourne Cup day, being the first Tuesday of November, so we had a luncheon of sorts and a drawing for the horses. Didn’t win, the food was good, I’m $10 poorer and such is life.
I’ve been spending more time at work using my Mac as a primary machine. Since I’ve moved to Exchange from Domino (or Outlook from Notes), I’ve gotten Evolution on Linux mostly working (with the exception that it doesn’t automatically look up names for emails which is tedious) and Apple’s Mail and Address Book both playing nicely with Exchange. I do miss the fact that I had Notes on my Linux desktop and things mostly worked albeit slowly and consuming large amounts of memory, but it worked with all of the features available normally. Mail’s ability to do autocompletion is what is drawing me back to it as a client, which when you start writing emails is actually more useful than you would think. It’s still not up to par with the Notes autocomplete which was quite cool and a lot more advanced than either Mail’s or Outlook’s (I get Outlook via Citrix).
I’ve also been trying out NetBeans’ PHP Early Access through a nightly build (has the ability to create PHP projects from existing sources) and I’m impressed with it. I tried it out because I wanted to try out debugging with my PHP instance and the dated version of Eclipse I had (3.2) seems to have issues – more than likely my fault – and I don’t want to waste time on trying to fix something. NetBeans installed and worked almost instantly, however it took me a while to find where I could change the params to get J! to route items properly. I managed to work out the bug that I was having without too much issue. I knew what it was but not where it was: turned out to be exactly what I thought, an assignment operator used instead of the append operator. The Subversion support seems to be a bit off and doesn’t work yet, so I’m not quite ready to ditch Eclipse yet – but I’ll try with later versions to see what I get.
I had a chat with the principal (we have principal, manager, director, CEO as our chain of command) about the projects that I’m doing and the ones I’m interested in so I’ll have to do some paperwork and business cases for the new projects and justify items. We’ve recently got a new manager who is trying to find where everything is so part of this is explaining everything so that he can get a grasp of the way the system works.
Then I spent the majority of the afternoon with one of the ITS guys working through how our Citrix boxes work with Flex profiles and the mandatory profiles, filling in the gaps in his knowledge of how different parts of the system work and why items might break or behave in a particular way. I think he’s worked out how it works and he’s even figured out why a few issues are happening. So nothing exciting but useful.
And finally I had fun with Kerberos. I built the Kerberos module on the SLES10 server, installed it, restarted Apache and tried to get it to work. On my Mac both Safari and Firefox requested a username and password instead of using a Kerberos token and IE6 in my Citrix session seemed to just go in a weird infinite loop. I slowly worked through my entire Kerberos configuration on the server until I got to looking at the keys. It turns out that the keys were created with the wrong virtual host name for the server which is causing the issues. The keys for the real server name actually worked fine when I got around to testing them which proves that everything will work once I get the keys. The last part is a fix to the Citrix system which for some reason thinks that the intranet site is actually on the internet, but I’m assured that this should be easy to achieve. Getting Kerberos up and running was pretty easy ignoring the faulty keys compared with some of the nightmares I’ve had getting items to play nicely together. I’ll probably add something to my guide (http://sammoffatt.com.au/jauthtools/Kerberos) on it, to help with items.
Who knows, I may have even figured this Kerberos thing out!
Today I’ve been working on some new stuff for Joomla! to enable SSO between disparate Joomla! instances. I’ve tested it on Joomla! 1.0 and 1.5 in legacy mode. I’ll do some more work later to get it working with Joomla! 1.5 in native mode and to better integrate with JAuthTools for 1.5 (to utilise the SSO system that I’ve written for 1.5). If you’re interested, check out the JAuthTools SVN here: http://joomlacode.org/svn/jauthtools/sso/joomla10x/soapsso. If you check it out you can use the install from directory feature to install it into your test sites. I’ll have packages up in the next few days.
I’m also looking at doing some work on the JAuthTools for 1.5 to improve support. There appear to be some issues so I want to get it back up and running as well as porting/merging some of the features from the LDAP SSI into 1.5 and the LDAP Authentication plugin. I’ll probably also do some updates to the docs on the wiki as well to reflect the new features.
Things on my todo list after I clean up my released JAuthTools plugins:
- Backlink Manager
- JAuthTools Manager
- JDiagnostics for 1.5