Learn / eZ Publish / Using a SSO in eZ Publish

Using a SSO in eZ Publish

This kind of tools is quite common on the web; Google or MSN use it (one authentication for all their applications). Of course, there are many ways to interface with a SSO, depending on the CMS or on the framework you use. eZ Publish, since version 3.8, allows to develop SSO Handlers in a form of a plugin to authentication system. With this article, I will try to show you how it works.

Developping a SSO Handler

The principle of this kind of handler is quite simple, as you just need to develop, in an extension, a PHP class implementing handleSSOLogin() method. Please note that I assume you know how to develop a basic eZ Publish extension. If it's not the case, you may refer to this excellent article.

Handler declaration

In the settings/ folder of your extension (I'll name it jvsso), make an override of site.ini for your siteaccess. You can also make this override directly under settings/, that will make your SSO handler available for very siteaccesses of your eZ Publish instance.

In your site.ini.append.php override, make the following declaration :

<?php /* #?ini charset="utf-8"?

[UserSettings]
ExtensionDirectory[]=jvsso
SingleSignOnHandlerArray[]=Lolart

*/
?>

Here we declare that jvsso extension must be taken into account by eZ Publish authentication system, and that this extension contains a SingleSignOnHandler, called Lolart. Please note that the SSO handler name is contained in an array, which means that it is possible to declare several ones, successively called until an authentication succeeds (if you are curious, take a look at eZUser class - kernel/classes/datatypes/ezuser/ezuser.php - around line 1150 if you want to see how eZ Publish make these calls).

PHP class development

In your extension folder, create a sso_handler/ folder. This folder is aimed to contain the PHP class we'll develop. The name of the PHP file and the name of the class must follow the following specifications :

  • PHP file has to be named ez<handler_name_lowercase>ssohandler.php. It gives : ezlolartssohandler.php
  • PHP class has to be named eZ<handler_name>SSOHandler, which gives eZLolartSSOHandler.

Our PHP class must at least implement handleSSOLogin() method. This method must return a valid eZ Publish user (eZUser object) or false if it fails.

<?php
    class eZLolartSSOHandler
    {
        public function __construct()
        {
         // Here you can make initialization stuffs for your handler
        }

        /**
         * Return a eZUser PHP object to be logged in eZ Publish
         * If authentication fails, just return false
         */
        public function handleSSOLogin()
        {
            $currentUser = false; // Default falue that we return if authentication fails.
            
            // Here you can do everything you need to identify your user (interface with SSO, search the SSO database...)
            // In all cases, you must return a valid eZ Publish user or false
            // User must be created if needed
            
            return $currentUser;
        }
    }

Et voilĂ  ! Now we just have to activate our extension and clear our INI caches !

French translation of this article on the original author's blog.

Article Discussion

Using a SSO in eZ Publish

eZ debug

Timing: Jan 17 2025 23:42:44
Script start
Timing: Jan 17 2025 23:42:44
Module start 'content'
Timing: Jan 17 2025 23:42:44
Module end 'content'
Timing: Jan 17 2025 23:42:44
Script end

Main resources:

Total runtime0.1856 sec
Peak memory usage4,096.0000 KB
Database Queries166

Timing points:

CheckpointStart (sec)Duration (sec)Memory at start (KB)Memory used (KB)
Script start 0.00000.0056 588.8281180.8359
Module start 'content' 0.00560.0522 769.6641463.6953
Module end 'content' 0.05780.1277 1,233.3594400.0547
Script end 0.1855  1,633.4141 

Time accumulators:

 Accumulator Duration (sec) Duration (%) Count Average (sec)
Ini load
Load cache0.00422.2512210.0002
Check MTime0.00160.8642210.0001
Mysql Total
Database connection0.00060.312010.0006
Mysqli_queries0.114961.90831660.0007
Looping result0.00180.97511640.0000
Template Total0.163788.220.0818
Template load0.00221.178820.0011
Template processing0.161587.009820.0807
Template load and register function0.00010.051310.0001
states
state_id_array0.00030.148710.0003
state_identifier_array0.00060.315720.0003
Override
Cache load0.00190.9994450.0000
Sytem overhead
Fetch class attribute name0.00160.859910.0016
Fetch class attribute can translate value0.00040.226210.0004
class_abstraction
Instantiating content class attribute0.00000.002710.0000
XML
Image XML parsing0.00020.120110.0002
General
dbfile0.00231.2146220.0001
String conversion0.00000.003230.0000
Note: percentages do not add up to 100% because some accumulators overlap

CSS/JS files loaded with "ezjscPacker" during request:

CacheTypePacklevelSourceFiles
CSS0extension/community/design/community/stylesheets/ext/jquery.autocomplete.css
extension/community_design/design/suncana/stylesheets/scrollbars.css
extension/community_design/design/suncana/stylesheets/tabs.css
extension/community_design/design/suncana/stylesheets/roadmap.css
extension/community_design/design/suncana/stylesheets/content.css
extension/community_design/design/suncana/stylesheets/star-rating.css
extension/community_design/design/suncana/stylesheets/syntax_and_custom_tags.css
extension/community_design/design/suncana/stylesheets/buttons.css
extension/community_design/design/suncana/stylesheets/tweetbox.css
extension/community_design/design/suncana/stylesheets/jquery.fancybox-1.3.4.css
extension/bcsmoothgallery/design/standard/stylesheets/magnific-popup.css
extension/sevenx/design/simple/stylesheets/star_rating.css
extension/sevenx/design/simple/stylesheets/libs/fontawesome/css/all.min.css
extension/sevenx/design/simple/stylesheets/main.v02.css
extension/sevenx/design/simple/stylesheets/main.v02.res.css
JS0extension/ezjscore/design/standard/lib/yui/3.17.2/build/yui/yui-min.js
extension/ezjscore/design/standard/javascript/jquery-3.7.0.min.js
extension/community_design/design/suncana/javascript/jquery.ui.core.min.js
extension/community_design/design/suncana/javascript/jquery.ui.widget.min.js
extension/community_design/design/suncana/javascript/jquery.easing.1.3.js
extension/community_design/design/suncana/javascript/jquery.ui.tabs.js
extension/community_design/design/suncana/javascript/jquery.hoverIntent.min.js
extension/community_design/design/suncana/javascript/jquery.popmenu.js
extension/community_design/design/suncana/javascript/jScrollPane.js
extension/community_design/design/suncana/javascript/jquery.mousewheel.js
extension/community_design/design/suncana/javascript/jquery.cycle.all.js
extension/sevenx/design/simple/javascript/jquery.scrollTo.js
extension/community_design/design/suncana/javascript/jquery.cookie.js
extension/community_design/design/suncana/javascript/ezstarrating_jquery.js
extension/community_design/design/suncana/javascript/jquery.initboxes.js
extension/community_design/design/suncana/javascript/app.js
extension/community_design/design/suncana/javascript/twitterwidget.js
extension/community_design/design/suncana/javascript/community.js
extension/community_design/design/suncana/javascript/roadmap.js
extension/community_design/design/suncana/javascript/ez.js
extension/community_design/design/suncana/javascript/ezshareevents.js
extension/sevenx/design/simple/javascript/main.js

Templates used to render the page:

UsageRequested templateTemplateTemplate loadedEditOverride
1node/view/full.tplfull/article.tplextension/sevenx/design/simple/override/templates/full/article.tplEdit templateOverride template
1content/datatype/view/ezxmltext.tpl<No override>extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tplEdit templateOverride template
4content/datatype/view/ezxmltags/link.tpl<No override>design/standard/templates/content/datatype/view/ezxmltags/link.tplEdit templateOverride template
9content/datatype/view/ezxmltags/strong.tpl<No override>design/standard/templates/content/datatype/view/ezxmltags/strong.tplEdit templateOverride template
6content/datatype/view/ezxmltags/emphasize.tpl<No override>design/standard/templates/content/datatype/view/ezxmltags/emphasize.tplEdit templateOverride template
9content/datatype/view/ezxmltags/paragraph.tpl<No override>extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tplEdit templateOverride template
3content/datatype/view/ezxmltags/header.tpl<No override>design/standard/templates/content/datatype/view/ezxmltags/header.tplEdit templateOverride template
2content/datatype/view/ezxmltags/literal.tpl<No override>extension/community/design/standard/templates/content/datatype/view/ezxmltags/literal.tplEdit templateOverride template
2content/datatype/view/ezxmltags/li.tpl<No override>design/standard/templates/content/datatype/view/ezxmltags/li.tplEdit templateOverride template
1content/datatype/view/ezxmltags/ul.tpl<No override>design/standard/templates/content/datatype/view/ezxmltags/ul.tplEdit templateOverride template
1pagelayout.tpl<No override>extension/sevenx/design/simple/templates/pagelayout.tplEdit templateOverride template
 Number of times templates used: 39
 Number of unique templates used: 11

Time used to render debug report: 0.0002 secs