Derrick Smith Header Image

GLPI IT Service Management Single Sign On using SAML

As an IT Director, I spend most of my time referencing information found inside the IT Service Management (ITSM) system and one of the better open source ITSM tools in the marketplace is GLPI. The feature set is massive and I’ve used this tool on and off for the last decade for IT inventory and helpdesk. On the security side, Single Sign On is paramount for authentication consistency and I tend to use SAML in most applications.

GLPI comes with several authentication options, including CAS, but it doesn’t include a way to authenticate users through SAML. As you may know, “Security Assertion Markup Language (SAML) is an open standard that allows identity providers (IdP) to pass authorization credentials to service providers (SP).” (Varonis) In our case, GLPI is the SAML service provider and any number of SAML identity providers (Azure AD, ADFS, Okta, OneLogin, Google IdP) can be used to authenticate users.

The good news is that GLPI has a plugin API that can be used to augment the software with additional features. Having worked with GLPI previously on my Nagios Event Handlers project, I was ready to dig in and create the functionality using the API.

The plugin relies on OneLogin’s SAML PHP Toolkit, which is a PHP library that helps web developers create a SAML Service Provider in existing PHP software. The plugin stores the SAML configuration in the database and the software takes several inputs that I mapped to fields in the plugin setup.

GLPI Plugin Settings
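To make the mapping from stored fields to the toolkit concrete, here is an added example (not the plugin's own code) that builds the settings array OneLogin's SAML PHP Toolkit expects from a stored configuration row and refuses insecure input. The `$row` keys, the `/acs.php` path and all hostnames are assumptions made for illustration.

```php
<?php
// Added example. $row keys are hypothetical stand-ins for the plugin's stored fields.
function buildSamlSettings(array $row, string $spBaseUrl): array
{
    // Reject plain-HTTP endpoints: assertions sent over HTTP can be read or altered in transit.
    foreach ([$spBaseUrl, $row['idp_sso_url'] ?? ''] as $url) {
        if (parse_url($url, PHP_URL_SCHEME) !== 'https') {
            throw new InvalidArgumentException("SAML endpoint must use https: $url");
        }
    }
    // Without the IdP signing certificate, response signatures cannot be verified.
    $cert = trim($row['idp_x509_cert'] ?? '');
    if ($cert === '' || empty($row['idp_entity_id'])) {
        throw new InvalidArgumentException('IdP entity ID and X.509 certificate are required');
    }
    return [
        'strict' => true,  // reject responses failing destination, condition or signature checks
        'debug'  => false, // keep SAML details out of user-facing errors
        'sp' => [
            'entityId' => $spBaseUrl,
            'assertionConsumerService' => [
                'url'     => rtrim($spBaseUrl, '/') . '/acs.php', // hypothetical ACS path
                'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            ],
            'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
        ],
        'idp' => [
            'entityId' => $row['idp_entity_id'],
            'singleSignOnService' => [
                'url'     => $row['idp_sso_url'],
                'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
            ],
            'x509cert' => $cert,
        ],
        'security' => [
            'wantAssertionsSigned'      => true, // unsigned assertions are refused
            'wantNameId'                => true, // a response without a NameID is refused
            'rejectDeprecatedAlgorithm' => true, // no SHA-1 signatures or digests
        ],
    ];
}

// Constructed sample row; the certificate value is a placeholder, not a real cert.
$row = [
    'idp_entity_id' => 'https://idp.example.com/metadata',
    'idp_sso_url'   => 'https://idp.example.com/sso',
    'idp_x509_cert' => 'PLACEHOLDER_BASE64_CERT',
];
echo json_encode(buildSamlSettings($row, 'https://glpi.example.com')['security']), PHP_EOL;
```

The returned array is in the shape accepted by the toolkit's `OneLogin\Saml2\Auth` constructor; the toolkit itself is not loaded here, so the block runs on its own.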

You can find the plugin at the GLPI Plugins website or at my repo on GitHub. Please submit any bugs or feature requests to the GitHub repo. If you found this plugin helpful, please leave a comment below.
