Authentication without manually entering username and password

Since Virtualmin doesn’t have internal support ticketing system, we have to use external programs. We’d like customers using external ticketing system to be able to login to their Virtualmin UIs directly from their profile accounts without having to enter any username or passwords. Would be wonderful Virtualmin users could authenticate with some kind of secret tokens added as query to the URL instead of password authentication. IS this possible? Thanks!

Howdy,

Unfortunately, Virtualmin doesn’t support password-less logins.

-Eric

What if I file request to add such feature? This would be very much useful for those who would like to integrate Virtualmin into other programs like, for example, ticketing or billing systems.

Well, I had spoken with Jamie about your request. He didn’t seem keen on adding such a feature, I suspect for security reasons.

Though, he did mention that one workaround would be to use Virtualmin’s new two-factor authentication… and once you enable the two-factor authentication, to then unset the password.

That’s certainly a hack though, so I appreciate that it may not be what you’re after.

I’ll verify with him that there aren’t plans to add such a feature… I suspect not though, as it’s rare that there’s authentication related changes as significant as that one, and we haven’t received many requests for that feature.

-Eric

I see. Maybe my suggestion to use tokens was not right, but I believe there should be some other ways to integrate Virtualmin with external ticketing and billing programs without compromising the system. Some hosting companies integrate cPanel/WHM to their back-end systems and I really wouldn’t like Virtualmin/Webmin to be left behind for even one single feature/possibility. I believe Virtualmin/Webmin should maintain its superiority by opening its API to external systems.

I wonder does Virtualmin authentication system accept username and password fed by GET or POST methods and if yes what would be variable strings to use in URL or in the submit form? I really don’t think this is security issue since username and password is known only to legitimate registered users.

Edit: I see there is an option “Allow login without password for matching users from localhost” in Webmin > Authentication, however our ticketing and billing system is on another host, so localhost will not work in our case :frowning:

Howdy,

Sorry, Webmin and Virtualmin is not currently designed to work with an authentication system such as you’re describing. That is considered a security feature.

Yesterday, you mentioned that you were familiar with other control panels being able to integrate with various web apps, such as a ticketing system.

In order to help us review how such a setup might work, and what would go into building such a thing – can you point us to some info or documentation on how one might set that up with other tools, such as cPanel?

-Eric

Hi Eric,

For example, Siteground has very nice integration of cPanel into its customer portal system. If you login to their profile management, ticketing and billing system at https://ua.siteground.com/login.htm then you will see http://virtualmin.com/files/screen1_1.jpg If you click on “Go to cPanel” button then you find yourself in cPanel without having to deal with authentication http://virtualmin.com/files/screen2_0.jpg Thus Siteground customers don’t have to deal with multiple authentications, they login to a single portal where they have access to everywhere including server and website management UI as cPanel. It would be just wonderful if we could have similar functionality for Virtualmin.

When I click on “Go to cPanel” button on SiteGround portal then I automatically authenticate into cPanel and see URL like:

https://securem19.sgcpanel.com:2083/cpsess6889100515/frontend/Crystal/index.php?post_login=8126530506440

So I guess they utilize sessions for authentication, which expire when you click to Logout or in some time period. Why not to implement such a feature for Virtualmin?

Thanks for all the info!

We have a meeting coming up here soon, and I plan to bring up your suggestions, so we can discuss then in depth, as well as make sure that there isn’t a current way to do that.

Thanks for your suggestions,

-Eric