The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Single sing-on

Discussion in 'General Discussion' started by adm.iuri, Apr 1, 2008.

  1. adm.iuri

    adm.iuri Member

    Joined:
    Dec 26, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    someplace
    Hello people,

    Well, I need to integrate CPanel with another project, so I want to use the same cpanel user and password, is it possible? is there an api for do it like openid does?

    thanks in advance,
    Iuri
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    cPanel users are created as standard Unix users. I know some have attempted to use this fact as a basis for integrating the login credentials with other projects.
     
  3. adm.iuri

    adm.iuri Member

    Joined:
    Dec 26, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    someplace
    I know how to do it, but what I want is something more complex, it's like google does

    example

    I'm a costumer and then

    1) I log in cpanel site using my credentials
    2) I navigate for some time on cpanel
    3) I leave cpanel site and go to another authenticated site (not cpanel related)
    4) When asked, I put the same credentials of cpanel
    5) I do some stuff

    Well, I want to skip step 4, I don't want to do auth step again, it's like how google does, it's like how open id works.. single sing on by using only one auth across different sites, is it possible?
     
  4. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,458
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Generally such have to either:

    1. All be on the same domain (limitation of client side tokens)
    2. All sites must use a common authentication system

    You can possibly do this with cPanel by doing the following:

    1. Disable HTTP Authentication
    2. Replace all login forms/pages with your own that uses the Authentication/Session system of your choice (e.g. OpenID)
    3. Provide a 'driver' for the chosen authentication/session system to use the cPanel XML-API to do the actual authentication with cPanel

    The above may or may not work. Some of the problems that may arise:

    1. Mapping the Authentication ID from your chosen Auth/Session system (e.g. OpenID) to what cPanel requires
    2. Storing the session info in a way to be accessible on multiple sites, especially if you are trying to avoid client side token storing (i.e. cookies)
     
  5. adm.iuri

    adm.iuri Member

    Joined:
    Dec 26, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    someplace
    Thanks, I will try (maybe work you said).
     
  6. adm.iuri

    adm.iuri Member

    Joined:
    Dec 26, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    someplace
    Is it really possible?
    Is there someway to bypass cpanel authentication?
    It's possible to use cpanel api without authenticate through a POST on /login/ ?
     
  7. adm.iuri

    adm.iuri Member

    Joined:
    Dec 26, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    someplace
    I didn't find any documentation about how to do authentication using cPanel XML-API.
     
  8. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Are you trying to authenticate cPanel/WHM users, FTP users, Email users, or what other type of user?
     
  9. adm.iuri

    adm.iuri Member

    Joined:
    Dec 26, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    someplace
    I want to authenticate a cpanel user, and (if possible) using xml-api, so I don't need to post on http://xxxx:2082/login to complete authentication.

    my objective is to replace current auth system.
     
  10. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    There's nothing in the XML-API itself to handle authentication. However, keep in mind those users are standard unix users, so you could just authenticate against the system, bypassing cPanel/WHM entirely.
     
  11. adm.iuri

    adm.iuri Member

    Joined:
    Dec 26, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    someplace
    Yeap, I know about this, but I want to offer to my clients a single sing on alternative, I don't want they to auth them again.

    I'm thinking about use a hidden iframe to do this, but it's IMHO a poor hack.

    Thanks.
     
  12. adm.iuri

    adm.iuri Member

    Joined:
    Dec 26, 2003
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    someplace
    Do you know how CPanel does the authentication? is it above pam?

    if so maybe I can get it working how I desire (making a pam module).
     
  13. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    For the actual cPanel interface, it's good old HTTP authentication (unless that is disabled, then it uses cookie authentication).

    However, FTP, SSH etc. do use PAM.
     
Loading...

Share This Page