Centralized Authentication

From version 1.3.0 of clearFusionCMS centralized authentication is supported, this allows an install of clearFusionCMS to act as a master and have many other installations authenticate their users against the master.

While the master controls authenticate and the roles assigned to each user the slaves control the permissions granted to each role, therefore you can control how a member of each role is able to access each of the slaves.

To enable centralized authentication you need to first install the master then:

  1. Create a role on the master which has the permission core.users.
    If you wish the slaves to be able to manage the users and their roles then you also need to include the permissions core.usersdel, core.usersadd and core.usersroles
  2. Return to the dashboard and select API Keys and in the New API Key Description field enter the name of the slave that will be using the API key and click Add Key.
    Note: You should always create a unique key for each slave so the you can revoke just one key if the need should arise.
  3. Select the role that you created in step 1 and update the key.
  4. Make a note of the API key as you'll need to enter this on the slave.

Next install the slave and once complete you can use your favourite FTP client to editthe configuration file located at system/app/config/appConfig.php, you need to locate the following lines:

//$config['userAdapter'] = 'flUserAdapterRemote';
//$config['userAdapterEndpoint'] = '';
//$config['userAdapterAPIKey'] = '';
//$config['userAdapterCacheTime'] = 60;

These three lines provide the information required to allow clearFusionCMS to authenticate against a remote master.

If the master managers interface is at https://www.example.com/manager/ and the API key generated in step 2 above is 9ce56c69fd319ecd5df69d4c8d1777a58caf7605 then you need to change the above configuration options to:

$config['userAdapter'] = 'flUserAdapterRemote';
$config['userAdapterEndpoint'] = 'https://www.example.com/manager/api/';
$config['userAdapterAPIKey'] = '9ce56c69fd319ecd5df69d4c8d1777a58caf7605';

$config['userAdapterCacheTime'] only needs to be changed if you want to change from the default cache time of 60 seconds.