PMA SSO link from external source

culibine · September 2, 2023, 2:10pm

Working on integrating hestia into my customer management system and came to the point where I want to make PMA SSO from my system.

There is v-add-database-temp-user and v-delete-database-temp-user. With addition I receive these details:

{
    "login": {
        "user": "hestia_sso_ncy4xE75kwnwN87h",
        "password": "T0dF2aMOJ3WbLeTR"
    }
}

Now, how to actually SSO to https://server.domain.tld/phpmyadmin ? I can’t use hestia_sso.php as it designed for internal hestia use. Should I implement my own SSO php script?

eris · September 2, 2023, 2:17pm

You should be able call

https://server.domain.tld/phpmyadmin/hestia-sso.php?database=<?= $key ?>&user=<?= $user_plain?>&exp=<?= $time?>&hestia_token=<?=password_hash($key.$user_plain.$_SESSION['user_combined_ip'].$time.$_SESSION['PHPMYADMIN_KEY'], PASSWORD_DEFAULT) ?>

Database: Database name
User: Hestia Username
Time: Current time

hestia_token: <?=password_hash($key.$user_plain.$_SESSION['user_combined_ip'].$time.$_SESSION['PHPMYADMIN_KEY'], PASSWORD_DEFAULT) ?>

$key = database
$user_plain = Username
$_SESSION[‘user_combined_ip’] = IP address of the user
$time = current time
$_SESSION[‘PHPMYADMIN_KEY’]

PHPMYAdmin key

culibine · September 2, 2023, 3:21pm

How this can by obtained via API? I have multiple servers with different API keys on each one.

eris · September 2, 2023, 3:31pm

V-list-sys-config if I am right

culibine · September 2, 2023, 3:37pm

v-list-access-keys admin json

And there is a bug, when v-list-access-keys json it prints shell format… Only with user provided json is formed. Anyway, thank you!

system · October 2, 2023, 3:38pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.