Option to work with Okta

[GJSchaller]

I've been looking for some time for a way to enable our Joomla based intranet with Okta, a SSO provider. They use SAML, but have a different setup from Lastpass, obviously.

When I attempted to configure the plugin, I got an error message that I would need to manually configure SimpleSAML's files. Doing some research online, I also found this:

http://stackoverflow.com/questions/29500189/simplesamlphp-sp-okta-idp

Would it be possible to have an option for this plugin that enables it to play nice with Okta, out of the box?

Thank you for your help!

[bcopeland]

Are you referring to the part where you need to edit:

 joomla/plugins/authentication/lpsaml/simplesamlphp/config/authsources.php

There's not much required here, you just need to change:

        'idp' => 'https://lastpass.com/saml/idp',

to whatever Okta uses for your organization (what that is, I have no idea, though.)

To be honest, as this is a LastPass-sponsored project, I don't think we can spend much effort on this, not least because we don't have Okta in house and would have no way to test anything. That said, I'd be happy to merge a patch that exposes this as a setting in the configuration UI, or changes the setup to use an IdP metadata file.

[GJSchaller]

Ah - we tried the edit, but we're still getting errors asking us to configure authsources.php, so I was not sure what I was missing.

A patch that makes this a setting would be WONDERFUL. There's a severe lack of SAML extensions that aren't app specific, so this would be a godsend.

Thank you!

[bcopeland]

Can you post the actual errors?

[GJSchaller]

Unhandled exception

An unhandled exception was thrown.
If you report this error, please also report this tracking number which makes it possible to locate your session in the logs available to the system administrator: ac9a078f0c
Debug information

The debug information below may be of interest to the administrator / help desk:

SimpleSAML_Error_Error: UNHANDLEDEXCEPTION
Backtrace:
1 /home/khronos/public_html/joomla/plugins/authentication/lpsaml/simplesamlphp/www/_include.php:48 (SimpleSAML_exception_handler)
0 builtin
Caused by: Exception: /home/khronos/public_html/joomla/plugins/authentication/lpsaml/simplesamlphp/config/config.php: The option 'timezone' is not a valid string value.
Backtrace:
3 /home/khronos/public_html/joomla/plugins/authentication/lpsaml/simplesamlphp/lib/SimpleSAML/Configuration.php:544 (SimpleSAML_Configuration::getString)
2 /home/khronos/public_html/joomla/plugins/authentication/lpsaml/simplesamlphp/lib/SimpleSAML/Utilities.php:1909 (SimpleSAML_Utilities::initTimezone)
1 /home/khronos/public_html/joomla/plugins/authentication/lpsaml/simplesamlphp/www/_include.php:120 (require_once)
0 /home/khronos/public_html/joomla/plugins/authentication/lpsaml/simplesamlphp/www/module.php:13 (N/A)
How to get help

This error probably is due to some unexpected behaviour or to misconfiguration of simpleSAMLphp. Contact the administrator of this login service, and send them the error message above.

[GJSchaller]

Would it be possible to Fork this project, for Okta to use? They have their own development team that might be able to take over for their end. I am not sure if the LGPL would allow for this to happen.

[bcopeland]

Okta is free to fork (and to send us pull requests!). The plugin is actually GPL, not LGPL, although the main part is built around simplesamlphp which is LGPL (I believe Joomla requires community plugins to be released under GPL).

For Okta, this roughly means they will be able to take and modify the code, provided the changes are released back to the community.