Single sign on for Joomla admin and frontend - joomla

Is it possible to implement single signon for Joomla 1.5 backend and frontend. I find it kind of redundant that when the admin for instance is logged in at the backend and needs to do some user function on the frontend has to login again. Is there a way of implementing a single signon?

Joomla! is implemented as two separate applications the front-end initiated from /index.php and the back-end administration from /administrator/index.php as such they have separate user sessions and states.
The separation is a standard security approach, while you could write your own mod_login to do this I wouldn't advise it unless you're very clear on what you're doing.
Having said that, there are 255 Joomla! extensions in the Access & Security ——> Site Access section dealing with logins. Have you tried looking there?

This joomla extension can do that.
http://www.everlive.net/joomla-extensions/15-joomla-admin-from-frontend.html
Just login to frontend as an admin user. You will be logged-in automatically to backend. Further it gives you useful direct links for various backend operations like article add, edit, publish, unpublish etc. Same kind of links are available for modules and menu items.

Related

Get laravel current user on external php website

I have created an application with Laravel 7 that contains users that can log in.
In parallel, I create a showcase site for the application (another domain) and essentially html/css.
I would like on this showcase site to propose login and registration buttons if there is no user connected to the laravel.Otherwise I would just like to propose a "Dashboard" button if a user is connected to the Laravel application.
How to do that? I confess that I'm a bit lost. Thanks for your help.
You need to create an API on the laravel app which will be used by the "showcase site".
To login and authorize themselves you can use JWT
to keep user data and use it on the showcase site you can either save them in
localstorage (just be careful not to save any sensitive data there as people can take that information in case of XSS vulnerable)
indexdb
cookies
None of these methods are safe. They can be exploited using XSS so i advice on using JWT to secure sensitive data.

what is soap in magento? what is use of it?what is use of soap/xml-RPC-user?

what is use of soap/xml-RPC-user and soap/xml-RPC-roles?
in system menu there is one menu item web services contains 4-5 options like soap/xml-RPC-user and soap/xml-RPC-roles.
what is use of it? how to use that?
The original Magento API was implemented both in SOAP and XML-RPC. SOAP and XML-RPC are well known technologies for creating functions, classes, and methods client-programmers may call over HTTP. Explaining them in greater detail is beyond the scope of a Stack Overflow question.
The User and Roles menus are the for the authentication portion of the Magento API. To authenticate the API, you call a login method, passing in a username and password. You setup this user name and password in the Users menu you mentioned.
Each user you setup has access to a "role". Roles determine which API functions a user may call. You setup the roles in the Roles menu you mentioned. You assign a role to a User when you're editing it in the User section you mentioned.
In newer versions of Magento these sections are explicitly labeled with SOAP/XML-RPC to differentiate them from the newer REST APIs.
At first you'll need to know the use of web services. To acquire basic knowledge of web services,soap and xml-rpc read below url
http://nanostuffs.com/Blog/?p=1152
http://blog.manishchhabra.com/2013/04/rest-and-soap-web-services-analogy/
After getting basic knowledge of web services read how to use it in magento from below url
http://www.magentocommerce.com/wiki/5_-_modules_and_development/0_-_module_development_in_magento/introduction
http://inchoo.net/ecommerce/magento/magento-api-v2/
http://inchoo.net/ecommerce/magento/magento-v2-soap-demystified/

Checking if current visitor is logged in to Joomla's backend

I would like to keep Joomla from including tracking code for Google Analytics when I am logged in to the backend. For this purpose I am trying to determine whether a user who is browsing the website is also currently logged in to Joomla's backend. The problem is - when I use methods like JUser::getAuthorisedGroups() or JUser::getAuthorisedViewLevels(), Joomla's frontend still recognizes me as an unregistered guest.
I know Joomla keeps separate information about the current user for backend and frontend. But is there a way around it?
Logging in to the admin and viewing the front end both start independent sessions that are not related so using getUser() is only going to return the info for the current session.
Luckily, there are a couple of options. First, you can block your IP from being tracked in GA. Second, you can log in to the front end, then use a plugin to filter out logged in admin users.

Custom Joomla authorization

The situation is quite complicated and why do I need it - do not ask - boss want!
So, immediately after the default authorization i need to run the custom module, which will have an additional test for authorization in another database and depending on its result i need to decide authorize user or not.
Are there any suggestions except for source corrections?
If you are using Joomla's built-in 'Login Menu', you can set 'Login Redirect' parameter to another page and if you are using Joomla's native login module, you can set redirect parameter to any page of your site that you want.
In your case I would recommend to create a simple component (not a module) that authorizes your user for second time, and redirects them again to any other page that you want (if second login was successful) or kick the user (if second login was unsuccessful). If you do that, you'll be able to create a menu for your component and redirect your login panel (either it's a menu or a simple login module) to your component's menu.
Creating components for Joomla is not a big deal if you have a little of knowledge in php programming and there are some tools that may speed up creating your component, like this one: http://www.notwebdesign.com/joomla-component-creator/
Why not make an authentication plugin and use that rather than the core joomla one?
This is for 1.5 but the principles are the same now.
http://docs.joomla.org/Creating_an_Authentication_Plugin_for_Joomla_1.5
Are the Joomla login credentials for a user the same as the other system that you are using? If so, then you can create a plugin that passes those credentials to your other system on a successful Joomla login event.
If not, then it gets a little tricky. Either your users will have to provide both sets of credentials, once for Joomla that then redirects to your other system for the second login, or you will have to extend your user accounts so you can associate the second set of credentials to a user. You can then use a plugin to pass the related credentials to your secondary system after a successful Joomla login event.

Share user login/session between cakephp and moodle

I have a website already running made with CakePHP, which has its own login system using the Auth component.
Now I'm going to create another website using moodle, hosted in the same server. Is there any way to share the user session between those 2 websites?
For example, if a user logs into the moodle website and clicks a link to a page of the other website, he is not asked to log in again, since the system recognises that he is already logged in.
I guess that one thing to do would be to tell moodle (somehow) to use same table of users in the database that the CakePHP website is already using. And then tell the CakePHP website to accept the sessions created in that other website. Something like this right?
But I don't know how to do those things or if they even possible, any advice on how to approach this would be very helpful.
Single sign-on (SSO) is not currently a trivial thing to do in Moodle.
Some other approaches you may consider are:
Use external authentication in Moodle and configure it to use Cake's database. Does not provide SSO but tells Moodle to use Cake's user accounts.
Configure both Moodle and Cake to use a common authentication system like LDAP, POP3 or CAS. Depending of your choice it is possible that you may achieve SSO.
More information about Moodle authentication plug-ins in this page:
http://docs.moodle.org/dev/Authentication_plugins

Resources