Does Scriptcase support Single Sign On (SSO)?

Is there someone that has experience with SSO and scriptcase?

SSO is nothing more than single sign on. For example SAML. You can code your own or better use SimpleSaml
See here: https://simplesamlphp.org/

Thanks. Can it be combined with the security I already built with Scriptcase (read the information in the databases and the global variables in IT)?

Yes, but you need to make the integration yourself. Not that difficult, in the logon application that you have generated you replace the database logon with the saml code. For the rest, the internal security works as before.

Thanks, I’ll give it a try.

Hi, could you perhaps give more info about this topic?

After googling I saw there are multiple topics on these forums asking questions about SSO, but no definitive answer!

I also need to integrate SSO on our Scriptcase projects that run on intranet, so our users don’t have to input credentials on each login, but it can take the Windows credential and automatically log in.

In another thread, you wrote this, answering someone who asked about the implementation of SimpleSaml into scriptcase.

“The first thing is to store the lib in a good place where you can reach it. Do not put it into _lib because it will be overwritten on each new SC update. Create a _customlib or something similar. You need to upload this lib manually as it’s not a part of the sc package. Then you can use events to include it and use the functions.”

So I have a custom lib folder for our external libraries, but I’m clueless about SimpleSaml. I read the documentation on the website but it’s not very clear to me.

Could you provide a more specific example please?

Currently our Security module is set up with LDAP, so each user has to put in the credentials on the login page of our Scriptcase project.

Thank you

Currently Scriptcase has more options to store your libs into, like external libraries. Investigate that, I know Scriptcase has a video about that on YouTube. The SSO code you need to write yourself, but in general you redirect to the SSO partner and they will call you back with a ‘good/wrong’ indication.

Hi,

I’m trying to get this working now and I have got the SimpleSAML stuff working OK, it’s just I can’t tell Scriptcase which user it should be logged in as.

SSO logs in OK, then I’m trying to pass the login info to Scriptcase, but this is the bit I’m stuck with.

Have you done this before? I feel like I should be setting the [user_login] variable possibly in the session, but after some looking at the forums and Google I still can’t seem to find the correct code.

Any help is appreciated.

Thanks!

Generate the security module of Scriptcase and replace the login by the Saml procedure. Then the rest will work the Scriptcase way.

Thanks for the reply, however I’m still stuck on this.

Here is the code I’m running in the onScriptInit event of the app_Login page of the security module:

sc_reset_apl_status();
sc_reset_global([usr_login], [usr_email]);

require_once('../_lib/libraries/sys/SimpleSAML/lib/_autoload.php');

$as = new \SimpleSAML\Auth\Simple('default-sp');

$as->requireAuth();

$attributes = $as->getAttributes();

//  print_r($attributes);

//[usr_login] = $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'];

[usr_login]		= 'admin';
[usr_priv_admin] 	= TRUE;
[usr_name]		= 'Admin';
[usr_email]		= 'admin@test.com';

This code will redirect to the SSO login, allow the user to log in via Azure, then redirect back to the page and return the user details in the $attributes variable.

The final lines of code are just for testing and I will replace them with the actual user attributes once it works. For now my understanding is this should set the logged-in user to ‘admin’, however this is not the case.

Do I need to run this code in the onValidate event to get it to work? If so, can I trigger this event manually after the user has logged in via SSO?

Thanks!

I got this working last year but it was difficult as I recall the session variables don’t pass correctly so I ended up having to use a database to store the returned token. Not elegant at all, has anyone else managed to do it cleaner?

Not sure, but afaik SC has issues with requires within its own code. It might be that there are other autoloads, but again, not sure.

I have implemented similar
I get the values, assign them to local variables and then execute:

				sc_set_global($usr_login);
				sc_set_global($usr_priv_admin);
				sc_set_global($usr_name);
				sc_set_global($usr_email);
				sc_set_global($usr_company);	
				sc_set_global($usr_department);

Works fine.

Thanks for the reply, for some reason I still can’t get it to work. I have been trying to set the user to both my Azure login and just the local admin user; both are created in Scriptcase, but I still get unauthorized user after I hit the SAML page.

Do I need to place the SAML code on the same page as the Scriptcase login page?

Cheers

In my case I’ve two separate login pages because I’ve both local users and SAML users.
Unauthorized user could be related to access permission to some applications.
Check the user has access/permission to these applications in SC.
How do you manage the security in your applications?
Try to disable security and review if access errors remain.

Thanks for the reply, finally got this sorted late last night just before I finished work.

The problem was the SimpleSAML code was breaking the Scriptcase code to authorise the pages, so I had to separate them, then pass the user details to the app_Login page to be processed.

I have one page that does all the SimpleSAML stuff, then it passes the username and other details in a JSON string to the app_Login page.

Next, run a SQL script to confirm the user is valid and exists within Scriptcase, then set the usr_login global var and run the validate success function to log the user in.

Painful, but I got there in the end.
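The handoff described in the post above (a SimpleSAML page passing the username as a JSON string to app_Login) is only as trustworthy as that string, so this added example, which is not code from the thread or from Scriptcase, signs the JSON with an HMAC and a short expiry and has app_Login verify it before the user lookup. The function names, the shared key and the sample attribute values are assumptions.

```php
<?php
// Added example (not from the thread). All names here are hypothetical.

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// SAML page: call after $as->requireAuth() with $as->getAttributes().
// SimpleSAMLphp returns every attribute as an array of values, hence [0].
function sso_issue(array $attributes, string $claim, string $key, int $ttl = 60): string {
    if (empty($attributes[$claim][0])) {
        throw new RuntimeException('IdP response lacks the expected claim');
    }
    $payload = b64url(json_encode([
        'login' => strtolower($attributes[$claim][0]),
        'exp'   => time() + $ttl,   // short lifetime limits replay of a captured token
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $key, true));
}

// app_Login: returns the login name, or null when the token was altered or has expired.
function sso_verify(string $token, string $key, ?int $now = null): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $key, true));
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    $data = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($data) || !isset($data['login'], $data['exp'])) {
        return null;
    }
    return (($now ?? time()) <= $data['exp']) ? (string) $data['login'] : null;
}

// Constructed sample data: a random key and a made-up IdP attribute set.
$key   = random_bytes(32);   // real use: one secret both pages read from outside the web root
$claim = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress';
$token = sso_issue([$claim => ['Admin@test.com']], $claim, $key);
$known = ['admin@test.com'];   // stands in for the SQL lookup of Scriptcase users

$login = sso_verify($token, $key);
var_dump($login !== null && in_array($login, $known, true));   // valid token, known user
var_dump(sso_verify($token . 'x', $key));                      // signature altered
var_dump(sso_verify($token, $key, time() + 3600));             // checked after expiry
```

In app_Login, only a login returned by the verify step would go on to the user lookup and into the usr_login global.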

Is there any way to get a handout or something on how to get this working? Need help, I am stuck on this.