AuthCrypt

This module provides two methods for authentication:

authcrypt:Hash
Username & password authentication with hashed passwords.
authcrypt:Htpasswd
Username & password authentication against an .htpasswd file.

authcrypt:Hash

This is based on exampleAuth:UserPass , and adds support for hashed passwords. Hashes can be generated with the included command line tool bin/pwgen.sh . This tool will interactively ask for a password, a hashing algorithm, and whether or not you want to use a salt:

[user@server simplesamlphp]$ bin/pwgen.php
Enter password: hackme

$2y$10$PnFsSEv.lda1Qlw4iMtmB.B.ab5y.aT56stBmo9hdCN.rUywQMChC

Now create an authentication source in config/authsources.php and use the resulting string as the password:

'example-hashed' => [
    'authCrypt:Hash',
    'student:$2y$10$PnFsSEv.lda1Qlw4iMtmB.B.ab5y.aT56stBmo9hdCN.rUywQMChC' => [
        'uid' => ['student'],
        'eduPersonAffiliation' => ['member', 'student'],
    ],
],

This example creates a user student with password hackme , and some attributes.

Compatibility

The generated hashes can also be used in config.php for the administrative password:

'auth.adminpassword' => '$2y$10$PnFsSEv.lda1Qlw4iMtmB.B.ab5y.aT56stBmo9hdCN.rUywQMChC',

Instead of generating hashes, you can also use existing ones from OpenLDAP, provided that the userPassword attribute is stored as MD5, SMD5, SHA, or SSHA.

authCrypt:Htpasswd

Authenticate users against an .htpasswd file. It can be used for example when you migrate a web site from basic HTTP authentication to SimpleSAMLphp.

The simple structure of the .htpasswd file does not allow for per-user attributes, but you can define some static attributes for all users.

An example authentication source in config/authsources.php could look like this:

    'htpasswd' => [
        'authcrypt:Htpasswd',
        'htpasswd_file' => '/var/www/foo.edu/legacy_app/.htpasswd',
        'static_attributes' => [
            'eduPersonAffiliation' => ['member', 'employee'],
            'Organization' => ['University of Foo'],
        ],
    ],