Login - JAuthentication

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
axelsauerhoefer
I've been banned!
Posts: 43
Joined: Fri Oct 20, 2006 7:36 am
Location: Germany

Login - JAuthentication

Post by axelsauerhoefer » Fri Aug 24, 2007 5:19 pm

Hi everybody,

today i wrote an authentication plugin for authentification over ssh login. After installation i activated the plugin, but dont disabled the standard joomla plugin. Everytime i tried to test my ssh plugin, my code was not executed. I found out, that the authenticate function from JAuthentication breaks the plugin loop after finding a valid login. But this isnt the behavior i expected.

It is not much better to check all activated plugins, if the returned ok and if some one failed to deny the access ?

best regards,
axel

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1367
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: Login - JAuthentication

Post by RobS » Fri Aug 24, 2007 8:00 pm

We spent a bit of time contemplating this strategy and when it comes to login, you may want to offer multiple options such as regular and OpenID so you need the system to behave this way. 

I think you could most likely achieve what you want with a user plugin instead that listens for onLoginUser().  The onLoginUser event in Joomla! is what actually puts the cookies and place and the session in the database.  JAuthentication, just checks that they are using a valid set of credentials.  So, what you would do is created a user plugin that listens to onLoginUser() and when that is fired, launch the SSH login system.  If I remember correctly, if one of the onLoginUser() events fail, they all fail.  That is how Joomla! is capable of handling single sign-on systems.

I hope that helps.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

axelsauerhoefer
I've been banned!
Posts: 43
Joined: Fri Oct 20, 2006 7:36 am
Location: Germany

Re: Login - JAuthentication

Post by axelsauerhoefer » Sat Aug 25, 2007 11:58 am

Hi RobS,

thank you very much for this anwser, it helped me a lot :) i am very new with Joomla 1.5 and the available events.

best regards,
axel


Locked

Return to “Security in Joomla! 1.5”