Single Sign-On Authentication Mechanism (#7601)

* Allow the URL a user is sent to after logging out to be customised
This is required for any authentication system that has a magic URL for logging out (e.g. /Shibboleth.sso/Logout).

* Allow auth plugins to return a username

This is a bit cleaner than the current auth flow, which special cases e.g. http authentication

* Add some tests, defaults and documentation

* Add single sign-on authentication mechanism

* Make HTTPAuth use the authExternal/getExternalUsername methods

* Add to acknowledgements

* Add reset method to Auth

html/includes/authenticate.inc.php

@@ -2,6 +2,7 @@
 
 use LibreNMS\Authentication\Auth;
 use LibreNMS\Authentication\TwoFactor;
+use LibreNMS\Config;
 use LibreNMS\Exceptions\AuthenticationException;
 
 ini_set('session.use_only_cookies', 1);
@@ -30,7 +31,7 @@ session_start();
 $authorizer =  Auth::get();
 if ($vars['page'] == 'logout' && $authorizer->sessionAuthenticated()) {
     $authorizer->logOutUser();
-    header('Location: ' . $config['base_url']);
+    header('Location: ' . Config::get('post_logout_action', Config::get('base_url')));
     exit;
 }
 
@@ -57,10 +58,8 @@ try {
             if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
                 $username = clean($_REQUEST['username']);
                 $password = $_REQUEST['password'];
-            } elseif (isset($_SERVER['REMOTE_USER'])) {
-                $username = clean($_SERVER['REMOTE_USER']);
-            } elseif (isset($_SERVER['PHP_AUTH_USER']) && $config['auth_mechanism'] === 'http-auth') {
-                $username = clean($_SERVER['PHP_AUTH_USER']);
+            } elseif ($authorizer->authIsExternal()) {
+                $username = $authorizer->getExternalUsername();
             }
 
             // form authentication