Webserver authentication by http headers

Hello there,
I’ve started Matomo migration from 3.x mayor version, to 4.x mayor version. I’m just at 4.0.5 but I smell things are changed, under the hood.

My custom Authentication plugin can’t be recognized, because:

Authentication object cannot be found in the container

My custom plugin, is just checking existing headers from the authentication proxy. Is there a “core” way to authenticate users by checking existence of $_SERVER['HTTP_HEADERS']?
Such as: the username, the mail, the name… etc?

Or maybe there is a migration document I’m missing, describing deprecations?

@SteveG do you think I can adapt WebServerAuth Auth shipped with Login LDAP plugin? :thinking:

The plugin is licensed with GPLv3, so guess it depends what you are going to do with it.

Login-LDAP would work as is… If Kerberos SSO wouldn’t rely just on $_SERVER['REMOTE_USER'] but also on a customizable key. Unfortunately getAuthenticatedLogin() is a private method :thinking:

Maybe I can file a pull-request for a customizable key? Are you interested?

Generally speaking, I can’t figure out if Authentication has changed between 3.x and 4.x branch :face_with_raised_eyebrow:

We just have a Proxy authentication, headers driven