Skip to content

LimeSurvey plugin for OpenID / OAuth2 integration

Notifications You must be signed in to change notification settings

ulysseus-eu/limesurvey-oauth2

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

What is this

This is an authentication plugin for LimeSurvey enabling Single Sign-On with any identity provider using the OAuth2 protocol.

It uses the league/oauth2-client library and can be configured for any identity provider that supports OAuth2 with the authorization code grant flow and supports automatic creation of new users.

Installation

  • go to releases and download the latest release Zip archive
  • alternatively you can zip from sources:
cd ..
# for the plugin to install, the directory shall have the sames name as the php file
mv limesurvey-oauth2 AuthOAuth2
zip -r AuthOAuth2.zip AuthOAuth2
  • for LimeSurvey 5.x and above : upload the Zip archive in the plugin manager
  • for LimeSurvey 3.x: extract the Zip archive and place the contents in <limesurvey_root>/plugins/AuthOAuth2/
  • configure the plugin in the plugin manager
  • activate the plugin in the plugin manager

To test the latest development version git clone this repository into <limesurvey_root>/plugins/AuthOAuth2/ and run composer install in it to download all dependencies.

Configuration

Before activating the plugin open its configuration from the plugin manager.

With your identity provider create a new app for LimeSurvey and paste the Redirect URI shown in the LimeSurvey configuration there. Fill in the Client ID, Client Secret, Authorize URL, Scopes and Access Token URL into the plugin configuration according to the documentation of your identity provider.

The User Details URL should point to an API endpoint that provides a JSON object with details on the current user using the retrieved access token. The details should include a unique username, the e-mail address and a display name. Further below you can specify the keys of the JSON object containing these details.

With the Identifier Attribute you can configure whether users should be matched using the username or the e-mail with existing users in the LimeSurvey database. If Create new users is enabled new LimeSurvey users will automatically be created if they can not be found in the database. You can configure permissions and (starting with LimeSurvey 4.x) user roles that will be automatically assigned to all created users.

If Use as default login is enabled instead of showing the LimeSurvey login form users will be redirected to the configured OAuth2 identity provider and logged in automatically on success. Otherwise the user has to select OAuth2 as authentication method manually.

Below the Use as default login checkbox a URL is shown with which the default login form can always be accessed to login using the internal database even when automatic redirection is enabled.

You can find a configuration example for Azure Active Directory here.
You can find a configuration example for Keycloak here.

Supported LimeSurvey Versions

This plugin was tested with

  • A recent version v6.4.3 (PHP 8.1)
  • the latest stable release v5.2.5
  • the latest LTS release v3.27.28

and should work with all version 3.x or newer. Configuring user roles for new users is only supported starting with LimeSurvey 4.x.

The minimum required PHP version is 5.6.

About

LimeSurvey plugin for OpenID / OAuth2 integration

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • PHP 100.0%