Delegated authentication configuration
š¤¦ š¤¦ š¤¦ Combodo's customers only š š š
- name:
- Delegated authentication configuration
- description:
- UI to configure OpenID Authentication
- version:
- 2.0.2
- release:
- 2026-04-21
- itop-version-min:
- 3.0.0
- code:
- combodo-hybridauth-configuration
- state:
- stable
Features
This extension simplifies the configuration of an OpenID provider, which can handle the authentication for iTop.
-
Configure your external provider (ID/SECRET)
-
Enable creation of iTop account (user and contact) as they connect for the first time.
Revision History
| Version | Release Date | Comments |
|---|---|---|
| 2026-04-21 | 2.0.2 | * NĀ°7580 - Update delegated authentication
configuration admin settings display * NĀ°9398 - Add specific paths to delegated authentication endpoints list (Delegated authentication configuration) |
| 2025-07-21 | 2.0.1 | * NĀ°7580 - Update delegated authentication configuration admin settings display |
| 2025-06-13 | 2.0.0 | * Add OktaOIDC provider * NĀ°8375 - Auto provizioning doesn't update contact/user |
| 1.1.0 | * NĀ°8181 - Champ non documentĆ© / non traduit dans
le formulaire de configuration * NĀ°7673 - Oauth2 for webhook * :globe_with_meridians: German Translations (#3) * NĀ°8107 - 1st portal connexion has error displayed |
|
| 2024-09-03 | 1.0.3 | * NĀ°7780 - 'allowed_login_types' order doesn't
work for authentification with OpenID * Avoid to save broken configuration with empty hybridauth adapter |
| 2024-08-02 | 1.0.2 | * NĀ°7582 - Be able to tune debug configuration
from UI * NĀ°7584 - Login mode with special characters were not supported - fixed * NĀ°7589 - Move menu under Delegated authentication group, change label openID/Oauth by OpenID/Oauth (uppercase O) * NĀ°7716 - Fix PHP 8.1 deprecated warning * Added French translations |
| 2024-01-25 | 1.0.0 | First version |
Limitations
Compatible with minimum iTop 3.x
Requirements
Installation
Use the Standard installation process for this extension.
Usage
Current extension proposes a screen for external authentication delegation.
For those advanced setting, you will have to edit the Configuration file.
Booth modes to edit this configuration are compatible and no settings will be lost
Menu access
Configuration page is available to iTop Administrators and Users
having write access on the following resource:
RessourceHybridAuthMenu.
Main screen
When clicking on 'save' button all settings are saved in iTop configuration.
When a specific provider is enabled you can also save immediately the configuration and validate external authentication through selected provider. It consists in successively saving your settings, disconnecting from iTop and trying to reconnect through external provider.
Configuration
Menu/screen access
By default this new screen is accessible only by Administrators. If you want to give access to other profiles please customize your iTop with something like this:
<user_rights> <profiles> <profile id="x" _delta="must_exist"> <!-- x is a number which must correspond to an existing iTop profile --> <groups> <group id="RessourceHybridAuthMenu" _delta="define"> <actions> <action id="action:write">allow</action> </actions> </group> </groups> </profile> <profiles> <user_rights>
External provider list
-
By default all available hybridauth/hybridauth lib providers are proposed from below V3.11.0 library
https://hybridauth.github.io/providers.html
-
You can restrict the proposed providers likewise in the iTop configuration
$MyModuleSettings = array( 'combodo-hybridauth-configuration' => array ( 'ui_proposed_providers' => array ( 0 => 'Google', 1 => 'MicrosoftGraph', ), ), )
-
The drop down list will restrict to the listed providers. but it will also propose any other provider listed in combodo-hybridauth configuration section (cf āMy providerā in below example section)
Example
'combodo-hybridauth' => array ( 'debug' => true, 'default_profile' => 'Portal User', 'providers' => array ( 'My provider' => array(), ), ),
