This is an authentication plugin for LimeSurvey enabling Single Sign-On with any identity provider using the OAuth2 protocol.
It uses the league/oauth2-client library and can be configured for any identity provider that supports OAuth2 with the authorization code grant flow and supports automatic creation of new users.
- go to releases and download the latest release Zip archive
- alternatively you can zip from sources:
  ```sh
  cd ..
  # for the plugin to install, the directory must have the same name as the PHP file
  mv limesurvey-oauth2 AuthOAuth2
  zip -r AuthOAuth2.zip AuthOAuth2
  ```
- for LimeSurvey 5.x and above: upload the Zip archive in the plugin manager
- for LimeSurvey 3.x: extract the Zip archive and place the contents in `<limesurvey_root>/plugins/AuthOAuth2/`
- configure the plugin in the plugin manager
- activate the plugin in the plugin manager
To test the latest development version, git clone this repository into `<limesurvey_root>/plugins/AuthOAuth2/` and run `composer install` in it to download all dependencies.
Before activating the plugin, open its configuration from the plugin manager.
With your identity provider, create a new app for LimeSurvey and paste the Redirect URI shown in the LimeSurvey configuration there. Enter the Client ID, Client Secret, Authorize URL, Scopes and Access Token URL in the plugin configuration according to the documentation of your identity provider.
The User Details URL should point to an API endpoint that provides a JSON object with details on the current user using the retrieved access token. The details should include a unique username, the e-mail address and a display name. Further below you can specify the keys of the JSON object containing these details.
With the Identifier Attribute you can configure whether users should be matched with existing users in the LimeSurvey database using the username or the e-mail. If Create new users is enabled, new LimeSurvey users will automatically be created if they cannot be found in the database. You can configure permissions and (starting with LimeSurvey 4.x) user roles that will be automatically assigned to all created users.
If Use as default login is enabled, users will be redirected to the configured OAuth2 identity provider instead of being shown the LimeSurvey login form, and will be logged in automatically on success. Otherwise the user has to select OAuth2 as authentication method manually.
Below the Use as default login checkbox, a URL is shown with which the default login form can always be accessed to log in using the internal database, even when automatic redirection is enabled.
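The mapping of the user details JSON and the matching on the Identifier Attribute described above, as an added PHP example that is not the plugin's own code. The function names, the JSON keys in the sample response, the user table and the exact string comparison are assumptions made for illustration.

```php
<?php
// Added example; function names and sample data are hypothetical, not the plugin's code.

/** Pull username, e-mail and display name out of the user-details JSON
 *  using the configured keys; reject incomplete or malformed responses. */
function mapUserDetails($json, array $keys)
{
    $details = json_decode($json, true);
    if (!is_array($details)) {
        throw new UnexpectedValueException('User details response is not a JSON object');
    }
    $user = [];
    foreach (['username', 'email', 'display_name'] as $field) {
        $key = $keys[$field];
        if (!isset($details[$key]) || !is_string($details[$key]) || trim($details[$key]) === '') {
            throw new UnexpectedValueException("User details lack a usable '$key' value");
        }
        $user[$field] = trim($details[$key]);
    }
    if (filter_var($user['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new UnexpectedValueException('User details contain an invalid e-mail address');
    }
    return $user;
}

/** Match on the identifier attribute ('username' or 'email'); an unknown
 *  user is only created when $createUsers is enabled, otherwise denied. */
function resolveUser(array $user, array $existingUsers, $identifierAttribute, $createUsers)
{
    foreach ($existingUsers as $existing) {
        if ($existing[$identifierAttribute] === $user[$identifierAttribute]) {
            return ['action' => 'login', 'user' => $existing];
        }
    }
    return $createUsers ? ['action' => 'create', 'user' => $user]
                        : ['action' => 'deny', 'user' => null];
}

// Constructed sample data: provider response, key configuration, user table.
$response = '{"preferred_username":"jdoe","mail":"j.doe@example.org","name":"Jane Doe"}';
$keys     = ['username' => 'preferred_username', 'email' => 'mail', 'display_name' => 'name'];
$existing = [['username' => 'admin', 'email' => 'admin@example.org'],
             ['username' => 'jane',  'email' => 'j.doe@example.org']];

$user = mapUserDetails($response, $keys);
foreach ([['email', false], ['username', false], ['username', true]] as $case) {
    list($attribute, $create) = $case;
    printf("match on %-8s create=%d -> %s\n", $attribute, $create,
           resolveUser($user, $existing, $attribute, $create)['action']);
}
```

The same provider response resolves to a different LimeSurvey account, or to none, depending on which Identifier Attribute is configured, so pick the attribute your identity provider keeps unique and stable.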
You can find a configuration example for Azure Active Directory here.
You can find a configuration example for Keycloak here.
This plugin was tested with
- a recent version, v6.4.3 (PHP 8.1)
- the latest stable release v5.2.5
- the latest LTS release v3.27.28
and should work with all versions 3.x or newer. Configuring user roles for new users is only supported starting with LimeSurvey 4.x.
The minimum required PHP version is 5.6.