Mixed authentication mode


    Hi there,

    I am trying to set up a mixed authentication: some users must be authenticated against Office365, others by Jedox natively.
    I have the Office365 authentication working, and the admin user can log in natively as well, but I can't figure out how to authenticate a user natively in OnUserAuthenticate.

    Here is my code:

    require_once('../../htdocs/app/base/rtn/login.php');
    require_once('../../htdocs/app/base/AccessPolicy.php');
    use \Firebase\JWT\JWT;

    class SEPEventHandler extends SEPEventHandlerBase {
        ...
        public function OnUserAuthenticate($username, $password) {
            // Verify ID Token passed by /oauth/authorize.php in $user parameter starting with 'id_token:'
            $authenticated = false;
            // Check if user is in group o365
            $is_O365user = palo_data("SupervisionServer/System", "#_USER_GROUP", $username, "O365");
            if ($is_O365user && $password[0] == "\t" && $password[2] == "\t") {
                $id_token = substr($password, 3);
                // Verify the token is valid
                try {
                    $azurePublicKeyURL = 'https://login.windows.net/common/discovery/keys';
                    $publicKeysWithKIDasArrayKey_arr = self::loadKeysFromAzure($azurePublicKeyURL);
                    $jwt_id_token_decoded = JWT::decode($id_token, $publicKeysWithKIDasArrayKey_arr, array('RS256'));
                    if (!is_null($jwt_id_token_decoded)) {
                        $authenticated = true;
                        sep_log('User '.$username.' is in group O365 and its token is verified!');
                    }
                } finally {
                    if (!$authenticated) sep_log('Token is invalid');
                }
            } else {
                $credentials = array("user" => $username, "pass" => $password);
                $native_auth = login::in($credentials);
                sep_log('Native authentication of user '.$username.': '.$native_auth);
                $authenticated = $native_auth;
            }
            return $authenticated;
        }


    It fails on $native_auth = login::in($credentials);

    olap_server.log:
    [system] error code: 1019 description: worker authorization failed message: SVS OnUserAuthenticate failed


    Any clue?

    Thanks

    Regis
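
The O365 branch in the post above treats any token whose signature verifies as proof of identity for `$username`, without checking who the token was issued to or for. The following is an added example, not part of the original post and not Jedox or Microsoft code, of claim checks that could run on the object returned by `JWT::decode`. The function name `idTokenMatchesUser`, the placeholder client and tenant ids, and the premise that the Jedox user name equals the Azure AD sign-in name are assumptions.

```php
<?php
// Added example. EXPECTED_AUDIENCE and EXPECTED_TENANT are placeholders
// (assumptions); use the values of your own app registration and directory.
const EXPECTED_AUDIENCE = '00000000-0000-0000-0000-000000000000'; // application (client) id
const EXPECTED_TENANT   = '11111111-1111-1111-1111-111111111111'; // directory (tenant) id

/**
 * Returns true only if an ID token whose signature has already been verified
 * was issued to this application, by the expected tenant, for $username.
 * idTokenMatchesUser is a hypothetical helper name.
 */
function idTokenMatchesUser(stdClass $claims, string $username): bool
{
    // Audience: reject tokens that were issued to a different application.
    if (!isset($claims->aud) || !is_string($claims->aud)
        || !hash_equals(EXPECTED_AUDIENCE, $claims->aud)) {
        return false;
    }
    // Tenant: the "common" key set is not specific to one directory, so a
    // valid signature alone does not say which tenant signed the user in.
    if (!isset($claims->tid) || !is_string($claims->tid)
        || !hash_equals(EXPECTED_TENANT, $claims->tid)) {
        return false;
    }
    // Identity binding: the token must name the account being logged in.
    // Assumption: the Jedox user name is the Azure AD sign-in name, compared
    // case-insensitively. The first claim present decides the outcome.
    foreach (['preferred_username', 'upn', 'unique_name'] as $name) {
        if (isset($claims->$name) && is_string($claims->$name)) {
            return strcasecmp($claims->$name, $username) === 0;
        }
    }
    return false; // no usable identity claim in the token
}

// Constructed sample claims (not real tokens), standing in for JWT::decode() output.
$good     = (object)['aud' => EXPECTED_AUDIENCE, 'tid' => EXPECTED_TENANT, 'upn' => 'regis@example.com'];
$otherApp = (object)['aud' => 'some-other-app', 'tid' => EXPECTED_TENANT, 'upn' => 'regis@example.com'];
$noName   = (object)['aud' => EXPECTED_AUDIENCE, 'tid' => EXPECTED_TENANT];

var_dump(idTokenMatchesUser($good, 'Regis@example.com'));     // same account, different case
var_dump(idTokenMatchesUser($good, 'admin@example.com'));     // token belongs to another user
var_dump(idTokenMatchesUser($otherApp, 'regis@example.com')); // token issued to another app
var_dump(idTokenMatchesUser($noName, 'regis@example.com'));   // no identity claim present
```

In the posted handler, `$authenticated = true` would be set only when this function also returns true for `$jwt_id_token_decoded` and `$username`.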